Elsewhere in The Register Cloud Channel we write about risk, compliance and security issues ( - for instance). Here we simply record the argument that scale economies enable vendors to deliver service improvements in these three areas.
Over to Reg reader 'richard.cohn', who points out:
"Looking at "Software As A Service"-Style cloud vendors like Salesforce and Google (apps), they do indeed have quite strong incentives (read: funding, staffing) to "do security properly". Security is part of their "core business" and not just part of that "support function IT".
A single highly competent (read: expensive) security expert can secure millions of Salesforce users, while an inhouse-system will never get that attention."
Note, that vendor scale does not necessarily translate into lower costs for customers here, but that surely is a secondary consideration.
Platform as a Service
PaaS is a booming cloud offering targeted at developers. A PaaS provider offers up APIs allowing applications to transparently tap into feature sets, redundancy and sheer scale developers would otherwise be unable to front. A small developer can go from “my first smartphone app” to a SaaS offering living in a dozen data centres around the world overnight.
Software development studios will find the greatest benefit here; building their offerings on top of a PaaS stack is a quick route to marketing a reliable SaaS application. Developers only have to focus on the code; everything else is taken care of for them.
End users benefit from PaaS offerings as well. SaaS on PaaS applications are more robust, reliable and scalable than SaaS on custom infrastructure. SaaS on PaaS also enable small and mid-sized developers to provide higher quality application at a lower cost than do-it-yourself options.
The downside is lock-in; a trap developers and end users alike are justifiably terrified of. Once your application has been coded to the API of a specific PaaS provider, porting it can be very difficult. Should that PaaS provider alter their terms of service in an unacceptable manner, fail to deliver on their SLA or go bankrupt, the developer and all their clients are out of luck.
Workarounds are beginning to emerge; the Eucalyptus project famously enjoys close compatibility with Amazon’s APIs. Windows Azure, Microsoft’s PaaS, is also interestingly positioned. Other vendors offer projects which are designed to allow multiple providers to create offerings based on a common API. Hope for future interoperability is also present amongst the various cross-provider cloud API projects.
This as-a-service model is an important shift in how outsourced IT services are marketed. Admittedly, there are some basic differences with the outsourced services of yesteryear, especially in pricing models, but at their heart, most cloud computing services are outsourced services.
And at a minimum, each service outsourced increases administrative overhead. The latest trend in IT outsourcing – the hosted cloud – also offers up questions about SLAs, portability, privacy and ownership of data.
Despite this, I remain optimistic. Internal clouds have already demonstrated their value. The major kinks have been worked out, the ROI proposition is clear. The hosted cloud offers the possibility of spending less time with maintenance. If it can deliver, then the opportunity exists - with the right services-split - to greatly reduce the workload of existing staff. ®
Trevor Pott is a sysadmin, based in Edmonton, Canada