This content is part of the Essential Guide: Key IT metrics: A CIO guide

Pains of assessing cloud computing costs lingers

Executives still struggle to address cloud problems like cost assessment. Consultant Tom Nolle breaks down several of the lingering cloud issues.

Many companies now have more than two years' experience with cloud computing, and nearly every major company has at least a few applications in the cloud. Despite that experience, cloud buyers still have unresolved concerns. For the cloud to reach its full potential, these concerns will have to be addressed by cloud sellers and planners. They are the ones assessing service options like platform service features, cost effects of application integration and cloud bursting, governance, and security.

CIOs and CFOs agree that the biggest pain point in the cloud is assessing costs, but it's less a question of how much "cloud computing" costs than how cost and benefits are affected by cloud features beyond basic infrastructure as a service (IaaS). This starts with the basic question: "What as-a-service model is best?" IaaS has the lowest cost and the largest number of competing providers, but platform as a service (PaaS) and software as a service (SaaS) will reduce user licensing and operations costs more. Most companies have difficulty assessing just what these benefits will mean, so executives struggle with whether to move beyond IaaS.

The second challenge with cost assessment is selecting hosting options. Features like dedicated servers, availability zones and VPN integration all add to cloud computing costs but can improve availability and performance. Is there enough of a difference to justify those added costs? Most companies still have difficulty deciding.

A related issue is the Web service or "platform service" features offered by many cloud companies, including Amazon. These range from basic database management system tools to advanced workflow management and content caching. Virtually every cloud application could benefit from at least one of these advanced hosted features. But in this case, the challenge is integrating them with the applications. Many platform services have to be invoked by the applications, which means changing the programs to accommodate the extra services.

In some cases, applications can be so totally redrawn by platform service use that they become cloud-specific. Startup companies like social networking firms make better use of the cloud than enterprises because they write applications for cloud-specific platform services that support better distribution of work, higher performance and higher availability, according to my sources. Enterprises are finding it difficult to learn about these tools.

The third pain point relates to cloud agility. Most executives contemplating cloud use believe the ability to spawn copies of application components is critical. The challenge has been determining just what mechanisms should be used, how much they'll cost and what the benefit will be.

Component scaling and failover usually demand some form of load-balancing or workflow management, which means a new, specialized component. Some questions to consider when looking into these features include:

  • Where does it run, in the cloud or in the data center?
  • What conditions would indicate that components can be efficiently scaled into the public cloud versus into a private cloud or data center?
  • What are the application performance and availability considerations of hosting in the public cloud and creating hybrids that cross the public and private boundary?

The final pain point is perhaps the most recognized, though not the one affecting the project most. Security and governance are different in the cloud. Worse yet, the differences vary widely depending on the way the cloud is used and how cloud-hosted components relate to the company's own data center components. Traditional internal audits of applications fail to detect problems as often as 60% of the time, according to some users, because the auditors don't see all of the application's possible operating states and can't certify operation overall. Because what auditors don't see doesn't go in a report, compliance and security breaches are left waiting in the wings.

A big part of the challenge of governance and security arises because auditors and cloud planners aren't used to thinking of deployed applications as having a finite series of operating states, each of which has to have valid functionality, security and compliance. Applications with variable operating states can and do exist within the data center; they're a consequence of new efforts to empower workers with more useful information.

Addressing cloud pain points

The resolution of all these pain points lies in better project management and a full-scale operations trial of cloud applications. The former can ensure that all of the cloud technology choices are identified for review and can set criteria for aligning proposed features and costs with benefits. Management can also help identify the operating states of an application that have to be verified and secured.

Users report that, at least at this stage, good management practices aren't enough because they're likely incomplete no matter how hard a company tries to ensure they're comprehensive. An operations trial is critical, and it differs from traditional trials in that it's designed to operate at sufficient scale to expose the costs, test alternatives and verify the places where security, compliance and governance tools and practices have to change.

Operations trials are also where tools and techniques for application lifecycle management and deployment and operations can be tried. It's important to look beyond the current application to the range of candidates for cloud deployment to ensure that the tools selected will be suitable for every necessary task. Otherwise, a cloud project could be complicated by the need to change and add basic tools and adapt practices. That's not the formula for cloud success.

Next Steps

How to understand cloud compliance

Understanding cloud security risks

Integration issues follow apps into the cloud

Dig Deeper on Cloud pricing and cost optimization