Indian CIOs fear public cloud for the wrong reasons

Since January 2015 I have been meeting enterprise CIOs with an intention to serve them with any of the services which our company offers. Invariably every discussion revolves around public cloud. There are a few who have successfully moved workloads, or executed some pilots. Many are sitting on the fence, while a few others view cloud with a lot of suspicion and even fear.

My gathering is that CIOs are scared of moving to cloud for some wrong reasons. The biggest reason is actually a political one. Many CIOs and IS Managers are scared that their significance would reduce if they shift IT workloads to a third party or public cloud provider.  A fear that the average IT reseller rightfully has is shared by many CIOs too. And they feed on each other to keep a decision on public cloud postponed indefinitely.

While I understand the fear which IT resellers have about public cloud, I am unable to fathom why CIOs should feel out of control if they adopt public cloud.

I also gather that many CIOs have actually been pushed to buy into public cloud by peer pressure and also by their CFOs or even the CEO who keeps asking the CIO why are they not exploring public cloud. Now a CFO often asks such questions because most public cloud providers have connected with C level executives through direct and indirect PR initiatives and driven the message that public cloud saves money especially since you are shifting to an OPEX model with public cloud. This is a dialogue that connects  well with most CFOs.

However most CIOs use the excuse of lack of security on cloud as a reason to postpone plans of moving onto a public cloud service. Since IT security is a technical subject, and most CFOs and CEOs would not argue with a CIO on a technical matter, and would probably buy that argument.

Is Public Cloud unsecured?

I feel that unless you are a critical defense supplier or represent a government department, security should be the last reason to stay away from considering public cloud.

Why? Amazon, Google, Microsoft and other public cloud providers have pumped in millions of dollars and continue pumping in millions every quarter to secure their data centers from every conceivable threat. NSA snooping is another story. But do you see any valid reason to believe why US government, FBI or CIA should be interested in accessing your data. If you have a valid reason, stay away from buying any hardware or software from any American supplier too.

Look at the kind of companies that have moved onto Amazon or Google or Microsoft Azure. FBI, CIA, Pentagon have all made significant investments on Amazon AWS. GE is reportedly shutting down several data centers and moving workloads onto Amazon. Netflix and Dropbox are some of the biggest customers of Amazon. Apple iCloud, Pixar, Ebay, Travelocity, Boeing, Samsung, Xerox and 3M are examples of Microsoft Azure customers. Google boasts of names such as Citrix, AirBnb, Tivo, Khan Academy.

If all of them can trust a public cloud vendor why can’t an Indian enterprise? So security should not be the real concern.

Some cloud providers do give you an impression that you cannot possibly lose data on the cloud. This is farthest from the truth. But possibilities of losing data hosted on cloud is as high or as low as the one hosted in your own on-premises data center. To protect data and prevent data loss the best practices apply. You will need to build in redundancy and must invest in backups.

Probably it becomes simpler with public cloud, since a backup, load balancing or even fault tolerant storage can be implemented using software APIs.
Will public cloud take away control?
Most CIOs run an IT organization with a bunch of internal IT workers, external service providers and vendors from whom they would purchase some product or service. So essentially the job of the CIO is to ensure that the IT organization runs efficiently through written and unwritten Service Level Agreements(SLAs).

Public cloud does not really change that. Consider running a simple mail service. In the classic model, you would set up infrastructure which would mean buy servers, storage, backup and software. Depending on the availability  and requirements  you would keep beefing up infrastructure and invest in redundancy.

With Google Apps or Microsoft Office 365 you don’t spend on infrastructure but you sign up for a service where you pay per user. When there is a downtime you depend on Microsoft or Google to set thing back, and not on your engineers or your vendor engineers. In almost 99 percent of cases, you can be assured that downtimes would be lesser off public cloud.

In fact life would be lot more simpler because you can orchestrate a bunch of services through a list of software APIs.

What will change is the kind of skills sets the technical team members will need to possess. Break and fix technicians will still be needed to take care of your local network or client devices. But you will need to have a team which understands software APIs whether inhouse or outsourced.

Imagine during the peak hours of auditing instead of setting up and allocating an extra server for your finance team, you would just spin up a new virtual machine with a few clicks of a few buttons and in a few minutes make it available to the team. You may shut it down after 15 days or every day after office hours and end up with a bill of just a hundred dollars.

Things really don’t change for the CIO. Control would remain with the CIO if he plays his cards well.

Why should a CIO be worried?
Though the price wars between Google, Microsoft and Amazon have resulted in major price cuts, cloud services are still fairly expensive, especially when you have the benefit of system admins who are paid Indian salaries. It’s difficult to arrive at a number, but my calculations point to not less than 40 percent savings for a typical Indian enterprise if they look at a hybrid model instead of an all out investment on public cloud. A hosted infrastructure of renting out dedicated root servers would be lot cheaper than investing into public cloud, if you know how to architect your applications and plan for contingencies such as attacks, outages, spikes and hardware failures. My calculations indicate that savings could be as high as 70 percent off your public cloud bill with a hybrid model on cheap dedicated root servers.
That aside the only other concern is potential lock-ins. If you really want to take advantage of a public cloud you need to invest into various services that are offered by the cloud vendor. So if you are on Amazon and are running a MySQL server, it makes more sense to invest in Amazon RDS. As you progress you will figure out it makes more sense to keep using services which Amazon provides, and you stand a chance of getting locked.

The top three public cloud providers run proprietary standards, APIs and technologies that are not compatible with each other. And then there are Platform-as-a-services players(PaaS). IBM is touting its Platform-as-a-service Blue Mix which will not work on other cloud platform nor is it compatible with any of the competition such as Heroku.
While there is a lot of effort to build tools and services that offer compatibility, all of the effort is third-party.  Hence remember once you sign up with a public cloud provider and you start utilizing  various services, you may be locked in for good. That could be a business risk which needs clear evaluation.
Even if it’s so is that such a terrible thing? No. I would feel not. 80 percent of organizations are already locked in with some vendor or other for most critical of their IT stacks.

AWS is by far the largest in Infrastructure-as-a-service  by a wide margin. Azure, IBM and Google follows. There are another hundred odd players in the space, some of them are not really cloud vendors and are just glorified VPS providers.

Public cloud market is all set for consolidation. We have already seen HP exiting the space with HP Helion Public cloud services. Rackspace is also all but exited the space.Consolidation will not slow down price wars. Price cuts will continue for next few quarters, and from there it will taper down.

In 2011 I made a comparison of running some workloads on AWS versus running similar workloads on a bunch of dedicated servers. The cost difference ratio was 1:6 in favour of running the workload on dedicated servers. Today that ratio is just less than 1:3. And with every price cut, and every new automated feature AWS is bridging the gap if you consider the TCO(Total Cost of Operations) too. And other vendors are bettering the prices.
The transformation of the CIO
Going hybrid would be the first step and in most cases the last step which a CIO need to take as they embrace public cloud. This is where the transformation of the CIO will happen. So from a negotiator with vendors and consultants, and a taskmaster delegating work to the IT teams, the CIO will see himself as more like a conductor or director of an orchestra with his lieutenants playing the role of concertmasters.