Cloud

The five big myths of cloud computing

Thoran Rodrigues deconstructs the five biggest myths about cloud computing, driven by the cloud "hype" wave.

We are living through a wave of cloud computing hype. It seems like there is a new cloud feature or product being launched by big technology companies almost every day - and sometimes concurrently - and the cloud is at the center of all the important tech industry discussions today, from job creation and destruction to the growth and decline of companies. This hype generates a number of false expectations and concerns that may lead companies into making bad decisions about the technology.

The simple possibility of helping people avoid bad decisions would be reason enough to look into these "myths" that surround the cloud, but other advantages may also come from this exploration: a better understanding of fundamental concepts that can help in the dialogue between vendors, early adopters and those who are still holding back.

The Myth of the Green Cloud

For a few years before the 2008 crisis hit the world's economy, being green was even more fashionable for tech companies than being in the cloud is today. Green IT movements were in full force, and some cloud vendors have been once again raising this banner claiming that moving to the cloud is the greenest decision a company can make. The logic behind this myth is that cloud data centers can optimize the use of computing resources, making them more efficient than any privately-owned data center around.

This, however, is only partly true. What most companies forget is to look for the source of that energy for their data centers. If you operate your own servers in a country where most energy comes from renewable sources (such as Brazil, with a large percentage of hydroelectric power), and you move them to a cloud based in a country whose energy matrix is dominated by thermoelectric power (coal and oil), the net effect may be an increase in your company's carbon footprint. Any cloud is only as green as its power sources.

The Myth of "No More IT Worries"

This is one that almost always causes troubles for first-time cloud users. People move their servers/applications to a cloud environment (IaaS or PaaS) and think that everything will be magically backed-up and updated regularly and that multiple server copies will be hosted on redundant servers without them having to ever worry about it again. This is not true. In fact, Rackspace has been sending out emails to its customers warning them that cloud servers don't come with automated backups enabled, and that they must do this manually. The same thing goes for having contingency servers: you must set this up manually.

It's a common misconception that Rackspace™ automatically backs up your Cloud Server. That isn't the case...

-excerpt from Rackspace e-mail warning that cloud backups aren't enabled automatically.

The Myth of 100% Uptime

This is perhaps the culprit of the "no worries" myth above. Service providers, especially on the IaaS level of the cloud stack, have for some time been offering 100% uptime guarantees. What they don't seem to understand is that no technology is foolproof. I haven't heard of a single service provider out there that has actually been able to deliver on this 100% uptime promise for all customers, so this is simply a misleading promise that may make newcomers feel more at ease than they should. As I've said before, your cloud servers will eventually suffer downtime, and you better be ready for it.

The Myth of Security

The second most discussed issue about the cloud is security, and saying that the cloud is less secure than a private setup has become sort of a knee-jerk reaction for many companies. The truth of the matter is that the cloud by itself is no more (nor less) secure than anything else. On one hand, having services and data concentrated on just a few data centers makes these places much better targets; on the other hand, the concentration increases the likelihood that security patches and updates get properly applied to servers. Who is more likely to maintain updated servers with security monitoring: Rackspace or the thousands of small businesses with Windows XP servers out there?

That is not to say that security shouldn't be a concern. In fact, cloud vendors tend to downplay security to such an extent that it only makes companies more worried about what is going on. What they need to understand is that in order to keep the cloud secure, they need to work together with their customers to establish the proper processes. And, in working together, they need to share the responsibility for the security of the environment as a whole.

The Myth of Cost Savings

Saving the best for last, we come to the greatest enduring myth about the cloud: cloud computing will result in great cost savings for companies. It won't. Cloud computing is about the optimization of computing resources, not their reduction. It allows savings only in the sense that you no longer have to provision servers based on your peak demands, but can instead dynamically grow and shrink your capacity as necessary, paying only for what is in use. If your computing resource needs are fairly steady, there isn't any real gain.

One possible origin for this myth is the fact that, by using the cloud, startups can avoid spending large amounts of money upfront on infrastructure or software licenses. They perceive this lack of upfront investment as cost savings, even if in the long run they may actually spend more.

Myths are a natural part of any hype cycle. Some come from vendors who are overeager to please their customers, others from early adopters who desperately want to defend their positions. By looking at them in a detached manner, we can improve the dialogue surrounding the cloud. While I tried to cover the greatest cloud myths, this list is far from complete. If you think of any others, please share in the comments.

About

After working for a database company for 8 years, Thoran Rodrigues took the opportunity to open a cloud services company. For two years his company has been providing services for several of the largest e-commerce companies in Brazil, and over this t...

29 comments
tkentopp
tkentopp

Did you know, unless you spell out how it works in a disaster, your cloud provider will expect you to continue paying for storage you can't use, though infrastructure to reach it may be out fro extended periods of time. So when recovery expenses are extreme, have fun paying the extra for something you can't use. Or worse, once all users logon, now that usage rates are ski high, overage penalty rates apply - kind of like those cell phone minutes that cost the $1,400 phone bill on a much, much larger scale.

MGORRIZ
MGORRIZ

Some marketeers make people believe that everything will be on the cloud within a relatively short time frame. For simple economical reasons this will not be the case as it will not calculate for a cloud provider to create a solution for a rather seldom used business process. As we will see more standard processes like travel expense reembursement being available I do not see a sophisticated production management control process on the cloud soon.

mike
mike

Rackspace offers some free education videos and curriculum.In the curriculum, called "CloudU", security is covered and, indeed, security is a shared responsibility between the customer and the IAAS provider. CloudU's link: http://www.rackspace.com/knowledge_center/cloudu/

Deadly Ernest
Deadly Ernest

They seek out businesses and talk to them about the wondrous advantages of their system, just the way General U.S.Grant's officers approach the Indians in the 1860s and 1870s and told them about the wonders of living on a reservation. Now, instead of the Sioux and the Apache being asked to move to the Indian reservations, businesses are being asked to move to the Cloud Reservations - and they'll get the exact same care and treatment the Sioux and Apache got.

danbi
danbi

People forget the success of the Cloud of Clouds: The Internet Internet was designed to interconnect everything and everyone. To make any connection virtualized and thus 'in the cloud'. Everyone uses the cloud, every day -- except if they don't use Internet. Not only is the cloud inevitable, it is already everywhere. To those, who argue "but now this is different", with Internet decentralized processing is the norm. For example, when you open an web page the processing is split in two: one part is done on the server, the other part is done on the local browser. The key philosophy of the Internet: the network is dumb, all intelligence is at the end-nodes. Abut security: people have learnt how to secure their Internet communication. Simply do not trust the middle men. This is a paradigm shift. But, with "the cloud", we have the problem that those corporate "IT people" are more or less lacking knowledge. Most of them have been living in their caves (the computer rooms), without concerns of inter-application or even inter-server security. Someone else (Microsoft?) was claiming they are secure and that's it. Yes, for those people, the cloud will be hostile place, no matter what. Another problem is, that most of the corporate software is simply not designed for distributed computing. The cloud is bad match for this and usually ends up being more expensive. Anyway, when all is properly done, it really doesn't matter who owns the physical hardware that runs your applications. Or where it is located. It is just that... not everybody can benefit from the cloud offerings.

johneaston
johneaston

The article's observations on green IT are both right and wrong. Yes, if you source capacity in the cloud you might increase the overall "emissions cost" of procuring a service since you don't necessarily know the carbon intensity of the fuels mix for the electricity that will power those data centres, or the thermo-electrical efficiency of their IT setup. But the way that carbon accounting works dictates (wrongly I believe) that any emissions that exist outside an organisation's "emissions boundary" can be excluded since they are not ???owned??? by the organisation in question. So while moving IT offsite and into the cloud will not necessarily save emissions and might actually add to them in real terms, the accountancy loophole for some larger entities for whom emissions reporting is mandatory is that they no longer have to account at all for their emissions that exist in the cloud (if you will excuse the mixed metaphor)...

lesaus1
lesaus1

So many companies have been burned believing the outsourcers of the 90's, I find it hard that they're lining up to be taken for another ride. How long before servers end up in India because "operating expenses are so much lower", without mentioning that Indian law provides no guarantee of privacy or security?

hforman
hforman

Too many people just stick private data on a public cloud because they "think" it is more secure. It can't be, in most cases? Why? Read the FAQs, Terms of Service and Privacy policies of any public cloud provider. In many cases: 1) The provider DOES scan your uploads electronically. All of them. 2) In many cases, employees of the provider do read your postings. 3) Many of the big providers keep your data all over the globe. Employees do NOT get their backgrounds checked. 4) Many of the providers require you to give them permission to publicly display your data, regardless of the reason they give you for this, which is usually very weak. They now require that you have the permission to give them these rights. Yes, these points were written for the cloud, not some video sharing system. 5) Some of the big providers have already been hacked and client data exposed. 6) If you read the terms you will notice that the provider takes no responsibility for your data. None. And the most you can sue for is USD $1000. 7) They reserve the right to give your data to affiliated third parties (can we say, "Advertisers"? 8) Many do NOT take responsibility for HIPAA (medical records) compliance. They already claim that they are not required to be HIPAA-compliant. But maybe you are. What about criminal data? CJIS? One claims that no provider is CJIS-compatible. Yet we know of at least three small cloud providers (eg, Datamaxx) that are certified. So, can you legally put medical records on the big providers cloud services? I think not. Can you put crime scene photos up there? I doubt it since some say lewd and disgusting photos cannot be uploaded, not to mention CJIS. 9) Remember the two British people who Tweated about "destroying America"? Their tweats wound up at the Department of Homeland Security in the U.S. How did that happen? So, I disagree that security is the same at either a cloud provider or internal. At least your internal employees have probably signed a non-disclosure agreement. All bets are off if you don't have a signed contract with a provider specifying how secure your data will be. I hope brick-and-mortar stores are not keeping my credit card information on some public cloud..... If you don't believe this, go to their websites and start reading..

ManoaHI
ManoaHI

I'm not sure why this is a myth. For anyone claiming 100% uptime, this is a lie not a "myth."

alg20121
alg20121

In true geek fashion we only think about the electronic threats. What about the physical bomb threat to a data center which would cause massive data loss and down time (unless there is a complete back up facility off site somewhere). A small plane can do a lot of damage if crashed right.

cwarner7_11
cwarner7_11

The "100%" uptime has been proven to be totally unsupportable by recent US Government actions in the Dotcom case. Innocent users have been denied access to their data, with no legal recourse, because other users have used the service for alleged illegal purposes. Do you know if all of the users of your cloud provider's services are in strict compliance with the law? Do you have any idea who the other customers are? What prevents the US Government, or any other government that feels threatened, from blocking access to the servers because of some perceived threat or illegal activity? What protects you from a competitor using political connections to gain access to your sensitive data?

info
info

A very well-written article. All of the 'Pro-Cloud' articles I've seen on there always seem to have a very strong personal bias written 'between the lines'. This one has almost none of that, and leaves it to the reader to make their own judgement based on the factual data presented. Nice counter to all of the 'There are NO Downsides to Cloud' hype I see racing around these days.

tmac9182
tmac9182

Many of my customer do not understand that moving a set of servers from a 10/100 Intranet to "The Cloud" when they only have a single T1 at 1.5Mbps will slow performance. By the time you figure the extra bandwidth needed to support some small to medium businesses the cost savings is significantly less, if not gone. For small startups, and companies under 10 users with little to no application bandwidth needs, Cloud is a great way to get started without the expense of an IT Infrastructure. For companies with 50 or more users (all onsite) and heavy database, CRM, and application needs, Cloud can be difficult unless you shell out the buck$ for ISP bandwidth, and premium access on your rackspace. And as someone mentioned, there is far less control over your information and configuration when you 3rd-Party your IT Support.

gak
gak

One myth is missing. It should be "Nobody needs cloud" or "Cloud is more than marketing hype". Or both, let the user decide. It is true that Cloud allows to pay only when you need. The downside is that if something interesting happens, everybody will need computing power at the same time and somebody or, if the Cloud is 100% fair, everybody will not get it. One (1) such event will turn years of "optimization" into a net loss.

Tony Hopkinson
Tony Hopkinson

The cloud is about improving things for the consumer. Nope it's about seriously improving things for suppliers.

Deadly Ernest
Deadly Ernest

1. No More IT Worries Myth You forgot to mention the business will still require an IT section to manage the maintenance of the devices being used in the company to access the cloud servers and also to manage the gateway for access to the Internet in the first place, even if it is smaller due to a lot of things being put 'out there' somewhere. 2. 100% uptime Sure you can build a server farm centre that has a built in redundancy and back up power to ensure the farm stays up, but there is no way in hell any company can guarantee a 100% uptime of Internet access for both the server farm and any business. This is due to the possible breaks that can occur in the comms links between wither end and their access to the Internet and the links between Internet nods. Nor can they make guarantees about the continued power supply at all the required links between. I know of a city that lost all Internet access and external comms links when the only main trunk into it got torn apart. Now it is rare for a city to have only one main trunk line, but that was the situation here as it's has sea on three sides so the only trunk went out along the promontory connection to the mainland. I've also seen suburbs loose their trunk connection to the main city system due to someone digging a hole and not checking if that spot was safe to work in. Lots of other factors come into play. 3. Security Now I have to admit to having a different view of security here due to my background. But I've worked in IT organisation where everyone who could possible gain a legitimate electronic or physical access to the servers HAVE to have a certain level of national security classification because the company has a government contract that involves working on classified material. I doubt any cloud service can provide guarantee on having ALL involved staff cleared. Nor is it cheap. Also, I doubt the cloud companies will be checking if anyone they hire to work in the server farm has a grudge against any of their clients or bother checking if such an issue is a possible event when a new client signs up. Then you have the concerns about WHAT country the cloud servers are in, and how will they protect the data in line with the laws of the country the business is in. Also, can they protect a foreign client's data from the local gov't agencies, I doubt it. ................................. I seriously doubt anyone trying to sell cloud services asks their clients to consider these sorts of complex issues, and I doubt many of the money boys making the final decisions even think about them either as many such issues would be outside their usual work frame of reference.

DAS01
DAS01

Hear, hear! And what about when operating in areas and countries where the internet is flaky? There are a lot of those around.

Necker
Necker

What a fantastic read. Thoran Rodrigues has voiced some things many do not want to hear and those so far invested in time and money cloud-wise will not want to acknowledge. Come on guys, all of what was written is just common sense, accept this and then lets talk. I still feel that theres no 'substance' to the cloud argument in most already established small to mid size businesses. 10 out of 10 Thoran. .

slingzenarrowzuvowtrayjissforchin
slingzenarrowzuvowtrayjissforchin

I accept the argument that the cloud isn't [i]necessarily[/i] inherently any less secure, but you can't dismiss the psychological value of having the security of your data under your own control. That's a huge factor in the decision to entrust my data to someone else. I'm willing to take responsibility for the security of my data, and that includes performing my own due diligence in keeping myself apprised of threats, and implementing the best available measures to defend against them. I simply can't have the same level of confidence when I delegate that responsibility to someone over whom I have no control. The other factor (which you did mention) is the whopping big target that such a huge concentration of data presents. There is no "safety in numbers" if the very size of the target increases the likelihood of attack. The argument that the cloud is more secure for those who otherwise might fail to patch or update their own in-house systems if they're [b]not[/b] part of the cloud doesn't matter to me. I can't control them either. I'm not interested in "sharing the responsibility" of security with a vendor of cloud services. As far as I'm concerned, if I have to stay on top of their security practices to ensure they don't slip up, they're asking me to do their job for them. I might as well do it myself. At least then I'll have less uncertainty about whether the job is being done right.

Tony Hopkinson
Tony Hopkinson

and try to sell us Garner BS as well. You can get your data from only one place in the cloud Your vendor! That's the selling point to suppliers. Yes we are propeller heads, but we have been around in business long enough to get a vague appreciation of what bottom line means...

Deadly Ernest
Deadly Ernest

designed for and to do. The US Dept of Defense wanted a communications system that was node based and did NOT require a solid end to end link to allow the messages to get through. As one person who was there during the early stages has remarked in an interview, 'We were told they wanted an electronic system that worked like the mail system does and the old Pony Express system did. Not like the telegraph system. The messages need to be passed from point to point without having to know a connection beyond the next point. And we want it on the civilian phone system as a back up." That was back at the height of the Cold War and the threat of nuclear strikes taking out major comms nodes. Well, they got what they wanted. but once it was in place they started to use it for research and other non military communications. And it's grown wild with civilian usage since.

Tony Hopkinson
Tony Hopkinson

is greed. Got them right in their blind spot again.

Deadly Ernest
Deadly Ernest

Imagine this: 1. Cloud International Inc provides cloud services and offers a twenty million dollar guarantee of security and privacy of data. 2. Innovations House Inc use Cloud International Inc for their services. 3. We Own Your Base Inc offers Cloud International Inc forty million dollars for a copy of the Innovations House Inc database, and the deal is accepted. They sue the data to steal fifty million dollars of business from Innovations House Inc. 4. Innovations House Inc find out their data is breached and sue, they get twenty million dollars but have just lost business opportunities that cost them fifty million dollars. 5. Cloud International Inc payout the twenty million dollar guarantee, but still make a twenty million dollar profit on the deal. Two out of three make a big win but the real owner of the data has a big loss just because they went out of house. The above is what's known as industrial espionage and happens all the time, so it's a real likely event to happen.

CharlieSpencer
CharlieSpencer

that makes cloud providers no different from any other business. All suppliers are about making money.

Analyst A.
Analyst A.

Besides concerns you've mentioned the cloud services are a great aid to the industrial espionage - additional links in the connection chain = more opportunities to hack into it by either technological or social engineering means.

ian
ian

Considering the fact Thoran owns a cloud service, the article was certainly unbiased. Great article, thanks Thoran.

Tony Hopkinson
Tony Hopkinson

But other businesses are way more honest about it. I listen to some of these boys and you'd think they were a charity or something.