Public cloud infrastructure promises many advantages. Cloud vendors provide all the IT resources including applications and hardware, and it is a cost-effective alternative to building your own IT setup.
In 2008, Hungama Digital opted for Amazon Web Services (AWS) to store and manage its enormous data volumes, instead of buying storage ourselves. And based on this experience I can say that it’s prudent to be careful before signing a public cloud infrastructure contract.
Below are some points CIOs should consider before they adopt public cloud model for infrastructure resources.
1) Application criticality: Before hiring public cloud services, a company should identify the business criticality of the application resources it wants from the infrastructure cloud vendor. Companies should only host non-core applications on the public cloud infrastructure. Data and applications core to the business should be hosted in-house. A private/ in-house cloud is a suitable option for core applications since it allows applications and data to reside within the premises. A hybrid cloud with a mix of core and non-core applications is another option.
2) Security measures: Access to a public cloud’s infrastructure resources is usually password protected. Nevertheless, it is prudent to ensure that the cloud infrastructure provider maintains confidentiality of information and protects it from leakage. The most common vulnerability is when your IT team isn’t trained to securely access files from the cloud. For instance, I know of a streaming audio website which streamed files using Flash opted for public cloud infrastructure. The IT team was untrained in the risks involved in accessing files from public clouds, they happened to link an XML file―which was the gateway to the content hosted on the public cloud―to the Flash player, and inadvertently gave free access to copyrighted content to everyone.
3) Scalability: The public cloud infrastructure provider's scalability is an important factor. For instance, let's say a company opts for a disaster recovery site with a cloud hosting vendor. Even though the company may initially start with twenty servers, it may come to need a hundred in due course. The infrastructure of the public cloud vendor should be geared to support such growth.
4) Application compatibility: When opting for public cloud services, carefully read the service terms and agreement as stated by the cloud infrastructure provider. It is best to select a provider who assures backward compatibility for applications. If the cloud infrastructure provider uses open source solutions, but later migrates to proprietary tools, porting applications and data to the new system can be a challenge. CIOs should insist on backward compatibility (with the same brand or any other that was used previously). Ideally, choose a cloud service provider with a stable business model and a good reputation in the public cloud infrastructure industry.
5) Avoid beta versions: Avoid hiring cloud vendors that offer beta services to their clients. If the service is in beta or testing stage, there are bound to be breakdowns. For instance, recently a company purchased beta services from a small-time cloud provider to save costs. But at the time of a disaster, the cloud vendor's servers were not able to move storage instances from one location to another, thus resulting in a huge business loss for the client.
Although many Indian companies opt for beta services to save costs, sometimes a single disaster can wipe out all the savings made on such deals.
About the author: Dipankar Sinha is project manager for infrastructure and hosting at Hungama Digital. Sinha specializes in cloud hosting and development, application architecture design, and infrastructure implementation and management. In the past, he has worked with Kreeda Games, Cleartrip.com, and Puretech Internet.
(As told to Anuradha Ramamirtham)
This was first published in May 2011