While we continue to move quickly into the public cloud, there is a lot that goes on behind the scenes of many service providers you might find disturbing. Most companies that leverage public clouds are unaware, and perhaps want to be unaware, of some practices behind closed doors. Or, to put it better: things your public cloud provider will never, ever tell you. Let's cover the top four.
1. Their disaster recovery plans won't work as advertised. While most public cloud providers spend many PowerPoint slides selling you on their public cloud's resiliency around outages, most have less-than-sophisticated approaches and rarely test these resiliency services.
The problem is that they have spent so much time and money building public cloud services -- such as storage, compute, development, and the like -- many of their disaster recovery services have not received the attention they deserve.
Most cloud providers are quick to point out that they can't see your data; only you can. However, that's not always the case.
We've seen a few examples of this in outages over the last several years. Mostly it's been an inability to fail over to other zones or regions when needed, usually due to problems that should have been fairly easy to spot and fix.
The good news is, public cloud providers are improving at disaster recovery, and they will provide better resiliency services in the near future. The bad news is, you thought the services were there all along.
2. They have provided information to the government without your knowledge. We all know about the NSA scandal by now, where it came to light that, in some instances, the government was monitoring your data stored in and moving through clouds. A series of revelations by former CIA contractor Edward Snowden shows that the United States, the United Kingdom and perhaps other governments routinely spy on a broad range of Internet services -- although not in the targeted ways most people were led to believe. In many instances, the public cloud provider knew this was going on, typically in response to secret court orders that compelled them to hand over the data.
Of course, cloud providers responded with new privacy features and hopes that the damage to their credibility won't get any worse. According to the Washington Post, "Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments." However, to many who leverage public clouds, this seems like more of a pretrial, and it will take some time to regain trust.
3. They can see your data. Most cloud providers are quick to point out that they can't see your data; only you can. However, that's not always the case.
In some instances, public cloud providers can indeed see your data, and take a quick look. Sometimes they are authorized by the company, or a person who works for a public cloud provider may take a peek for the fun of it. In any event, if you don't do the encryption yourself, it's a potential issue.
To be fair, I suspect that most public cloud providers don't look, nor care about what you store on their cloud. At least, not unless the government calls and has a court order, which relates to the problem above.
4. They are not always cheaper than traditional systems. Sometimes yes, and sometimes no. Most of the time there is a cost benefit to leveraging public clouds. However, you must look at your own cost benefits within your own business to really determine if using the public cloud is indeed cost-effective.
Many businesses have already made a significant investment in infrastructure, and thus moving to cloud computing and leaving that infrastructure unused may not be the right move. Indeed, they could lose millions in the move to the cloud versus taking advantage of investments already made. You have to stop and run the numbers, and most cloud providers don't make that very clear.
Nothing should be too surprising here. Public clouds are not perfect, and they are a business. Thus, public cloud providers will act in their own selfish interests, including spinning information and sometimes just not keeping you informed. That said, public cloud continues to provide value. As time moves on, public cloud will get better at providing value. No matter what they tell you.
About the author:
David "Dave" S. Linthicum is senior vice president of Cloud Technology Partners and an internationally recognized cloud industry expert and thought leader. He is the author and co-author of 13 books on computing, including the best-selling Enterprise Application Integration. Linthicum keynotes at many leading technology conferences on cloud computing, SOA, enterprise application integration and enterprise architecture.
His latest book is Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide. His industry experience includes tenures as chief technology officer and CEO of several successful software companies and upper-level management positions in Fortune 100 companies. In addition, he was an associate professor of computer science for eight years and continues to lecture at major technical colleges and universities, including the University of Virginia, Arizona State University and the University of Wisconsin.