Last Updated on January 23, 2022 by Dave Farquhar
Cloud computing is all the rage right now, and it’s created a mess of jargon that can make your head spin. Don’t worry though. No one was born knowing this stuff. So, what is public cloud, and what makes it different from other clouds? Assuming there are other clouds?
Public cloud is a booming business. In Q4 of 2017, Amazon’s cloud business accounted for 60 percent of the company’s total operating income. Amazon made its name selling books, but today it makes its money renting computer time. A lot of people don’t know that. Or at least it seems that way.
There is no cloud. Just other people’s computers.
When cloud computing came into vogue, curmudgeons mused that there’s no such thing as a cloud. There’s your computer, and everyone else’s computers. Cloud just means using someone else’s computer instead of yours.
Then they gleefully pointed out how this is just a throwback to the glory days of IBM, before personal computing. When computers first appeared, computing was centralized. Then microprocessors gave rise to personal computers and decentralization and cost savings.
Then Web 2.0 happened, and that led to new waves of centralization and cost savings.
Yes, you read that right. We decentralized to save money, and then we re-centralized to save money. The difference is, this time we centralized on commodity x86-based servers made by companies like Dell and HP rather than mainframe equipment from companies like IBM and Sperry (now Unisys).
How does cloud computing save money?
Decentralization got you away from paying a fee to IBM every time someone flushed a toilet, which reduced overhead. But over time it led to another form of overhead in the form of sprawl. Companies have staggering numbers of computers these days. That means it’s hard to be in any kind of business without also being a computer company.
We’re basically in a cycle of trading one kind of overhead for another. Decentralizing saved overhead. Until it didn’t. Now recentralizing saves overhead. Someday it won’t, and we’ll go through another wave of decentralization, but that’s probably a couple of decades off.
I came close enough to minoring in history in college to know that history may not repeat itself, but it rhymes. Sometime in the 2030s or 2040s, someone is going to read this and say that Dave guy was right.
What is public cloud? How can there be more than one cloud?
So if there are only two kinds of computers, yours or someone else’s, how can there be more than one cloud? Can’t a computer just be in the cloud, or not in the cloud?
Sort of. The problem with cloud computing is that now you’re storing your data on someone else’s computer. Depending on what business you’re in, and how long you’ve been in business, that might or might not be a problem. As a security professional, part of my job is to be able to tell you how to store your data anywhere with an acceptable level of risk. But the key word is acceptable. Reducing the risk to zero is impossible. Any competent security professional will tell you that.
Some organizations aren’t willing to live with their data living on a network other than the one they own and control. Governments are one example. Financial companies often fall into that same risk profile. I know of two large companies only a few miles from each other with very different tolerances. One is closing its data centers and moving everything it owns to public cloud providers such as Amazon Web Services and Microsoft Azure. The other allows no cloud usage. No public cloud usage, that is, because they believe cloud security is too difficult in the public cloud model.
The solution: Private cloud
The thing is, some companies want the low overhead, flexibility, and agility of cloud computing without the data leaving their network. There’s no reason you can’t run cloud software on your own computer instead of someone else’s computer, if only the cloud providers would allow it. So cloud vendors started offering private clouds. Private cloud is their software running on computers sitting in your network. Think of applying the intranet model to cloud computing. Public cloud providers charge a significant premium for it. But if you’re willing to pay the price, you can have it both ways.
So that means there’s a distinction between public cloud and private cloud. Public cloud means software as a service running on someone else’s computers, delivered via the web. Private cloud means software as a service running on computers sitting on your network, delivered via your corporate intranet. Someone else probably manages it. And you may lease the computing resources rather than owning them.
Benefits of cloud computing
I once worked for a company that went backwards. We used a cloud-based SaaS product called Qualys. We switched, for a number of reasons, to a competing product from Rapid7 that ran on our own computers, locally. I can’t speak for all of the decision makers, but I came to regret voting the way I did. Administering the Rapid7 system turned into a full-time job in and of itself. At first I thought it was pretty cool to be a sysadmin again. After a few months, I was thinking I didn’t get all that training and certification to go backwards and be a sysadmin again. One by one, almost everyone involved in the decision went and got a different job.
Retaining good sysadmins is difficult and expensive. Finding good sysadmins is too. Cloud computing lets you outsource that problem. I’d rather let a company like Amazon or Microsoft or Qualys find and retain sysadmins. Qualys delivers about three-nines uptime, which is better than we were able to manage with our Rapid7 solution.
The public cloud also bakes in solutions to certain difficult computing problems, such as disaster recovery. In the public cloud model, computing resources are already distributed across data centers in varying geographic and even political regions.
Cloud computing gives economies of scale and flexibility that a completely decentralized model can’t match, at least with current technology. Adding capacity as you need it becomes really easy. That’s why so many people are interested in public cloud right now. Companies like Amazon and Microsoft are transforming themselves into cloud computing companies just as quickly as they can to meet that demand, and even the oldest of old-line computing companies, IBM, is getting in on it.
Problems with public cloud
Cloud computing, especially public cloud computing, isn’t without problems. Shadow IT is even harder to control, since cloud computing lets you build rogue systems completely out of sight. And sometimes data residing in the cloud and possibly in a different country is an advantage. Sometimes it’s a disadvantage. If nothing else, securing the data is trickier. That’s why you hear of sensitive data ending up on Amazon servers completely open and unsecured.
But for many companies, the benefits of a cloud strategy outweigh the drawbacks. When I started my career, it could take more than a week to deploy a server. That was a week to ship the hardware, half a day to unbox it, assemble it, and plug it in, and another day or two to load the operating system and applications on it. Today we don’t have a week to do those kinds of deployments. I provisioned and deployed a complex system for a large client earlier this year in five minutes. Businesses expect that now.
But it comes at a cost. When someone figures out how to deliver something decentralized at a lower price, we’ll decentralize to on-prem again.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.