"I Really Don't Know Clouds at All"

Joni Mitchell is best know as a musician, but is she also a 'technology philosopher', ahead of her time?  The growing cloud discussion reminded me of her song "Both Sides Now", and the line "I Really Don't Know Clouds At All"

Do we really have a clear view of clouds? While there is an 'official' definition from NIST*, it's not the same as the definition in business magazines, technology magazines, or tech vendor presentations. The descriptors are all over the place: infinitely scalable, highly available, unreliable, unsecured, low cost, hidden cost, flexible, proprietary ... and the list goes on.
The reality is, they are all true, to a degree. So now what?

Here are five key requirements I recommend you address as you begin your 'cloud journey':

1. 'Risk Posture':  Work with your compliance, security, legal, and regulatory experts to consider items such as:

• Location: What data can reside somewhere outside of my facility, state, country, etc.
• Control: How much control am I willing to give to a third party (think about subpoenas being served to an external provider)?

2. Financial Profile: Determine how you will evaluate the options financially. Key factors include:

• How much am I willing to invest up front?
• How much variability do I want / can I effectively manage?
• Do I want to be able to chargeback (or at least report) at a user / department level?
• Do I understand ALL the associated costs (there are sometimes additional charges for connectivity, etc. that are not well understood / explained)?

3. Service Criticality: Ensure the solution will be capable of meeting your reliability expectations. Contractual terms, while important, are little consolation for critical service failures. When you consider options, make sure you have a full understanding of the technology underneath the solution (e.g., possible failure points, fail-over options, and disaster recovery aspects).

4. Flexibility: Determine the amount of flexibility you want to maintain for future growth, moving to other vendors, etc. While there can be benefits to embracing a specific platform, there are also risks of becoming 'trapped' as new factors emerge.

5. Participation: A powerful option is a 'hybrid' / 'federated' model where some of the service is managed internally, while the remainder is managed by a third party. Determine your ability to effectively manage / operate some of the service internally. This is often a great option for more sensitive or critical functions.

What other requirements are you including in your decision making?

*NIST defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."