The Doppler Quarterly Fall 2016 - Page 87

that more companies are going to look at the assets they have, and make a decision about either moving to the cloud, or look to find a SaaS alternative. Typically, moving to the cloud requires a significant investment both in infrastructure and in skills. Running a cloud program is hard, and organizations will have to evaluate when they reach what I call the application life stage when an application comes to the end of a hardware cycle, or it is time for a mandatory upgrade. At that point, they will make a decision. My sense is that a lot of companies won’t do too much until they have to. DL: John, Rackspace is placing bets in both public and private clouds. What do you see are the tradeoffs and what are you advising your clients in terms of where to put their stuff? Is private cloud really the anti-public cloud or is it anti-legacy? JE: I think the cloud is an upgrade over your existing legacy. It certainly makes your legacy environment a lot more accessible to you and your users. It makes it something that is more agile and nimble and automatable, and those are all the good things that people love about public cloud. At Rackspace, we are seeing companies upgrade their on-premises environments to be a private cloud or more like a private cloud. Many companies are working hard to figure out how to make private, on-premises environments more cloud like. I do agree that public cloud makes complete sense if you’re a small clean company or a startup without existing data centers. IT is messy. Sometimes existing IT was built over dozens of years, with multiple generations of hardware, software and networking gear. There are also politics involved. People have built their careers around a particular stack of technologies. This can lead companies to use both private and public cloud. Many companies that we encounter are using public cloud for some portion of their IT infrastructure and private cloud for other portions. They intend it to be a long term, multi-year cloud arrangement. DL: Is security still a compelling argument for leveraging private cloud? If so, what specifically is the issue? BG: A lot of what is called security is really compliance, which is a very important reason why compa- nies might require systems to run on their own premises. I think of security as how resistant the resources are to attack, or how well they’re protected against intrusion. I think it is difficult to make the claim that a private cloud can execute security better than what the public cloud providers do on that dimension. We haven’t seen anywhere near the kind of intrusions and hacking into public providers that we’ve seen in companies running their own data environments. From what I’ve seen, there seems to be a gradual acceptance towards public cloud. JE: I agree with Bernard on some aspects. Public cloud providers are very good at security. Google, Amazon and Microsoft are top notch at running security at scale across very large environments. They have a very large investment in the security operations, as we similarly do at Rackspace. Having said that, there are some companies that have very specific security requirements. For example, financial services institutions are responsible for certain regulated data that they don’t want to hand over to a third party. In some cases it is just untenable for them to let that data out of their own facility. I think that clouds can be secure, but public clouds can also be insecure, depending on how they’re operated. This is something we’ve found at Rackspace as we’ve interacted with customers that are using both public and private clouds. A lot of the security depends on what is hosted in the cloud and how that application has been built and architected. The cloud doesn’t magically make an application secure or insecure; it has a lot to do with how you manage it, the policies around it, and compliance sometimes is what forces your hand. DL: Are we dealing with practical reality, or are we protecting our jobs and egos more than we are protecting data? BG: For some companies there are a portion of their applications that must reside on premise for these compliance and security reasons we mentioned. The key question is, do those requirements apply across the entire app ѥ]ɕ ՙЁ́ͅ)͡ձ܁ѼٕȁͬɉȁԁɍиMɱ䰁ԁͬѡݡոѡ)ɕ͔ѕ́ԁѼȁՙ)ɕ͔ѡݕȁ́ɽ䁝Ѽ̸%)10؁Q!=AA1H((0