- Beth Pariseau, Senior News Writer
While their numbers may be few, organizations that have ventured ahead to run production workloads on a public cloud infrastructure have found particular benefits to a cloud-first approach.
These trailblazers are gaining flexibility and scalability as their business grows and applications change. They are spending less on physical data centers and server hardware. They're enjoying improved disaster recovery and availability, and the public cloud even helps them meet regulatory standards and compliance.
According to a 451 Research survey of 118 respondents conducted in December, just 1% of workload capacity was based in off-premises, non-SaaS environments in 2013. That number, however, is expected to rise to 6% by 2015.
"If we know one thing for certain, it's this: IT budgets are flat and have been for a long time," said Carl Brooks, an analyst with Boston-based 451 Research LLC. "But IT consumption increases on a linear scale. That's an enormous macro pressure for IT shops, and the only way to meet it is to go where capacity is more efficient: outside providers."
It's a slow process, Brooks said, but it is happening. "Look at the dynamic. Hotels don't grow their own food; corporations won't grow their own servers."
However, there's still a long way to go before the typical IT shop feels ready to put production workloads in the cloud, said Gartner cloud analyst Kyle Hilgendorf.
"The trend that I've seen over the last five months is less concern that the providers are ready, but there's more of a realization that the [customer] organization itself is not quite ready," Hilgendorf said.
IT pros must contend with some thorny issues as they consider moving production to the public cloud. Hilgendorf listed governance, identity and access management, accurate cost projection and the development of a strategy for determining which production applications can go to public cloud and which can't.
"There's a very large appetite to run production in the cloud," Hilgendorf said. "But the customers that I talk to are still in the maturity phases where they're sorting through … the work that they've got to do themselves."
In this three-part series, we'll cover the main reasons for a cloud-first initiative, including standards and compliance, automation and growth potential.
You shall obey cloud compliance guidelines
Compliance is often cited as a roadblock to public cloud adoption. But for Bluebird Auto Rental Systems LP, based in Dover, N.J., compliance was a driver toward standardizing the company's infrastructure on Amazon Web Services (AWS).
Part 1: Cloud-first initiatives alleviate standards and compliance pain points
Bluebird, which makes software for auto rental companies, offers a hosted version based on AWS as well as an on-premises version that some of its affiliates use instead. Both versions must be certified compliant under the Payment Card Industry Data Security Standard (PCI DSS). Amazon's infrastructure is certified PCI DSS Level 1 compliant; the two environments, Bluebird's hosted application and the AWS infrastructure, needed to be certified in tandem.
"The bane of my life is PCI compliance," said Phil Jones, vice president at Bluebird. Just testing systems for PCI compliance costs the business $40,000 annually.
But Robert Rodriguez, a senior product support analyst at Bluebird, said he found it difficult to imagine what the costs would be if the company also had to host sensitive payment card data in its own physical data center.
"By putting it at Amazon, it gives us the ability to make sure that area is as secure as it possibly can be," he said. "And then we don't have to worry as much about, for example, keycard access to the data room and biometric security."
The company moved its servers to Amazon several years ago, but has been through some trial and error when it comes to hardening the environment.
Bluebird started building a virtual private cloud (VPC), but then Jones realized that his database servers shouldn't have access to the Internet. Bluebird is now in the process of migrating 32 database instances from the first VPC into a new VPC with a Network Address Translation (NAT) server between it and the Internet. This work will take about two months to complete.
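The routing condition behind this migration can be audited mechanically. The following is an added example, not code from the article or from Bluebird: it classifies subnets by their IPv4 default route, using constructed data shaped like the `RouteTables` list returned by EC2 `DescribeRouteTables`. All IDs are placeholders, and a default route that targets an instance is assumed to be the NAT server.

```python
# Added example; IDs and route tables below are constructed placeholders,
# shaped like the RouteTables list from EC2 DescribeRouteTables (one VPC).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main-example",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-db-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-db-a-example"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat-example"}]},
]

def default_route_target(table):
    """Return 'igw', 'nat' or None for the table's usable IPv4 default route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            continue  # target no longer exists, so the route carries no traffic
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        # Assumption: an instance target is the NAT server the article mentions.
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
    return None

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to 'direct-internet', 'nat-egress' or 'isolated'."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    labels = {"igw": "direct-internet", "nat": "nat-egress"}
    result = {}
    for subnet in subnet_ids:
        # A subnet with no explicit association inherits the main route table.
        table = explicit.get(subnet, main)
        target = default_route_target(table) if table else None
        result[subnet] = labels.get(target, "isolated")
    return result

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES,
                           ["subnet-db-a-example", "subnet-db-b-example"]))
```

The second subnet has no explicit association, so it inherits the main table's internet gateway route and is flagged, which is the case most easily missed when database subnets are added to an existing VPC.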
While the new VPC sits in a lone AWS Availability Zone, Jones said he sees it as an improvement over an internal infrastructure in terms of the company's ability to recover from disaster.
Bluebird first backs up its databases to each instance's local drive, so corrupted databases can be restored quickly. Every night, database images are also sent to AWS's Simple Storage Service (S3). If the local drive's image were to be corrupted, the company could restore from S3. If the entire availability zone were to go down, the company could spin instances up in a new zone, pulling the backups from S3.
"We just got a notice this morning that one of our servers is due to be retired," Jones said. "So we just had to stop it and restart it to bring it up on fresh hardware."