First, what is the cloud?
The cloud is cool. At least that seems to be the case, given how many people see it as an evolution. It’s not rare for me to meet recruiters who triumphantly announce that such and such a company has decided to move its activities to the cloud. My first question, generally, is “Why are they going to the cloud?”. The answer is generally enough for me to know whether I’m going to accept the mission or not. A cloud migration is not an evolution. It’s nothing more than an expensive move.
Because, and it’s a fact, we don’t go to the cloud without a reason.
The cloud is “someone else’s computer”, as we’re used to saying. And it’s true. When we host our own servers, we control our own resources, network and hardware alike; going to the cloud makes you dependent on your host’s infrastructure, for better and for worse.
For the better, first.
By going through a company whose business is to maintain infrastructure, we secure a quality of service and a level of skill that would be expensive to keep in-house. We can also expect large hosts, which concentrate formidable volumes of network and hardware, to achieve economies of scale that are out of reach for any other company.
Then, risk. When we host our own infrastructure, we bear the risk of failure and the financial or reputational losses that come with it. By transferring those risks to the host and fixing service quality with them by contract, we get rid of this burden. The failure cases the host’s skills can cover are in fact far more numerous than those we could handle ourselves, since their specialization gives them much more knowledge of the subject.

Another positive point: on the cloud, we don’t pay for resources we don’t use, which means we can get rid of useless resources. In my opinion, this is even what justifies cloud use financially. Large hosts all provide APIs (entry points for managing the services in use automatically). It’s therefore easy to increase and reduce resources according to activity.
When we size a classic infrastructure, we calculate the maximum resources it will need during activity peaks, and that gives us the size of the infrastructure. We therefore pay all the time for resources that only serve part of the time. The resources that cost the most are the ones that are useless. Knowing how to get rid of excess resources is therefore a considerable advantage in reducing the overall bill. When we host our own servers, even if we virtualize with solutions like Proxmox, Xen or VMware, we can’t bring consumption down to zero. The cloud allows it, provided we’re capable of making the best use of the tools it provides. Amazon’s auto-scaling groups are a good example: with a machine template, we can create as many servers as we want, destroy them afterwards with the same ease, and even schedule in advance the number of servers according to our platform’s activity and the time of day.
If we make full use of the cloud’s tools, the savings can be real. But there’s a trade-off to all this…
For the worse, then.
First, the cloud is expensive. Where you only had infrastructure to manage in your own datacenter, here you’ll also pay all the hidden costs inherent in running a cloud: a share of operating costs, engineers, marketing, etc. These are costs you probably already pay in your own company. So if you decide to just do a 1-for-1 move to the cloud, without modifying anything, while having in-house the skills to do what you’re asking the cloud to do, it will cost you more, for nothing.
Then, going through a cloud provider implies a loss of control over your data. We are necessarily obliged to trust the provider. This can be very problematic in many cases. If you host data that doesn’t belong to you, you’ll be held responsible for any leak or impropriety on your provider’s part. Many questions arise about the American cloud providers who dominate the market and are required to disclose their data to their government without reservation, under the “Patriot Act”, then the “CLOUD Act”.
Google and Amazon try to circumvent these rules by setting up in Ireland, but it’s hard to know to what extent their interests in the United States can be used as leverage, and how far their loyalty to Uncle Sam will go.

But the main risk, in my opinion, doesn’t come from the cloud itself. Most of the time, the weak link is whoever uses it.
The cloud offers many very powerful tools for developing activities at scales that small companies couldn’t have imagined reaching before clouds arrived. The abstraction created by providers allows anyone to manage powerful and extensive infrastructure without having the skills needed to set it up outside this framework. Countless companies were set up with developers who were handed the keys to the cloud and had to take on administrator work without having the skills. This often results in large security flaws, large infra design problems and uncontrolled costs. A simple instance started for tests and forgotten for a month can produce a bill of several thousand euros. A developer gives a server the same amount of resources as their workstation, and the bill is multiplied by 6, 8 or 10 compared with the resources actually needed.

GitHub has set up automatic searching for Amazon API keys in its users’ public repositories. Developers with little awareness of security questions regularly push everything attackers need to take control of their cloud accounts and start instances en masse to mine cryptocurrencies at their company’s expense, or even at their own expense.
The goal is obviously not to throw stones at them. It’s not their job. That is the cloud’s biggest risk, in my opinion: it gives the illusion that we control our costs and our risks when we do nothing of the kind. Without knowledge of the host’s trade, we depend on whatever they choose to offer us, while they make us dream of the successes of well-known startups that started from nothing and became multinationals.
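As an added example (not from the original post or from GitHub), here is a local check for the kind of Amazon API keys mentioned above, meant to run on files before they are pushed. The `AKIA`/`ASIA` prefixes and the 40-character secret format are the shapes AWS uses for its keys; the function names and the entropy threshold are assumptions of this example, and the sample input is constructed from AWS's documentation example credentials.

```python
import math
import re
import sys
from collections import Counter

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 uppercase alphanumerics.
KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: exactly 40 characters from the base64 alphabet.
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def redact(s):
    """Keep findings reviewable without copying the secret into logs."""
    return s[:4] + "..." + s[-4:]

def scan_text(path, text, min_entropy=4.0):
    """Return (path, line, rule, redacted match) for each suspected credential.

    A 40-character lowercase hex string (e.g. a Git commit SHA) cannot reach
    4.0 bits per character, so this threshold (an assumption) filters it out.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID.finditer(line):
            findings.append((path, lineno, "aws-access-key-id", redact(m.group())))
        for m in SECRET.finditer(line):
            if entropy(m.group()) >= min_entropy:
                findings.append((path, lineno, "aws-secret-key-candidate", redact(m.group())))
    return findings

# Constructed sample: AWS's documentation example credentials plus a commit SHA.
SAMPLE = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
commit = 3f786850e387550fdab836ed7e6dc881de23001b
"""

if __name__ == "__main__":
    # Pass file paths as arguments; a non-zero exit lets a Git hook block the push.
    hits = []
    for p in sys.argv[1:]:
        with open(p, encoding="utf-8", errors="replace") as fh:
            hits += scan_text(p, fh.read())
    for hit in hits:
        print("%s:%d: %s %s" % hit)
    sys.exit(1 if hits else 0)
```

A key that has already been pushed must be revoked and replaced at the provider; removing it from the repository afterwards does not undo the exposure.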
In conclusion
The cloud can prove to be a wonderful tool for developing activities on a large scale. But the fact that it makes a globalized infrastructure easier to maintain doesn’t exempt us from having deep knowledge of what it does for us. We must also not forget that our data is never better protected than when we control the flows it travels through. Geopolitical issues can also enter the debate when we have sensitive data to process. But if we’re fully aware of the system’s strengths and weaknesses and know how to take advantage of them, the possibilities are infinite.
But one thing is sure. We don’t go to the cloud because it’s cool.