I’ve heard that line before many times. I’ve even said it a few myself. There’s a great deal of truth to it, too. In an age of increasing data collection and data surveillance, do you really want to entrust your data to someone else’s hard drive?
But analysts and marketers keep touting the advantages of “the cloud”, as though it were actually something new and shiny rather than just shared hosting, rebranded. So which is it? Is the “cloud” really something new, or just the same security risk as the late 90s?
The problem is that there are two very distinct concepts being conflated with the same term. (English, and analyst firms, are really good at that.) For the sake of disambiguation let’s refer to them as The Cloud(™) and cloud computing.
The Cloud(™) refers to avoiding the costs, risks, and management headaches of maintaining your own server. It gets its name from the “big cloud graphic” that often populated flow charts around 2000 or so to represent “the Internet, that big complex thing that we just assume works”. The technology underlying it has changed over the years, and encompasses nearly every XaaS you can think of: Infrastructure as a Service (someone else’s hard drive), Platform as a Service (someone else’s operating system), Software as a Service (someone else’s program), etc. All are, in market-speak, part of The Cloud(™), or rather a form of IT outsourcing.
As with any form of outsourcing, there are both costs and benefits. The benefits are fairly straightforward: Turn high-complexity tasks over to professionals who specialize in it, and therefore can do it better, faster, and cheaper than doing it in-house. That can result in cost savings, as well as better cost predictability. You can focus on your core business, rather than complex incidentals. Is it really important for your business to have a 24/7 on-call sysadmin every day of the year, just for the one day a year that the payroll system needs to be rebooted at 3 am?
Of course, outsourcing always has costs. The largest is lack of control; whatever services you outsource are at the whim of the company you outsourced them to. Need to scale a service? Need to add a feature? Need to correct a mistake? Only if your vendor allows it. The other major concern is privacy: Data on someone else’s hard drive means someone else can access it, or can be forced into accessing it, either legally or illegally. (Hello, NSA.) Do you trust your critical business data to someone else’s hard drive?
The trade-off between doing something yourself and outsourcing it is always a balancing act. What things are worth outsourcing and what services are better off kept within your own firewall (if you even have a firewall) is a case-by-case decision that every company needs to make, with open eyes about the pros and cons of doing so.
Despite the shared atmospheric reference, cloud computing is in no way coupled to outsourcing. Cloud computing is an evolved form of virtualization: Rather than have a single physical computer equal a single logical system, cloud computing takes a cluster of physical computers and creates many logical systems on top of them, abstracting away the different physical boxes. That lets you create new “servers” that are purpose-built for a specific use case entirely from software and throw them away when you’re done, without having to get out your screwdriver or spend money on more electronics.
The first generation of cloud computing systems used virtual machines, but more recently most systems have moved to far cheaper and more efficient Linux containers. In either case, though, the result is the same: Decouple physical hardware from logical systems and get vastly improved flexibility, security, power, and cost savings, plus open up new architectural designs that would have been impossible with server-per-physical-box.
Of course, while cloud computing environments are powerful they are also not especially easy to setup and maintain. At one level it’s “just software”, and people have built cloud clusters using Raspberry Pis (Why? Because it’s fun, that’s why), but running a production-quality cloud computing cluster is, in the end, no easier than running a production-quality physical-computer cluster; you still need one of those anyway. That makes a cloud computing cluster ripe for outsourcing to The Cloud(™), with all the same benefits and drawbacks as anything else that gets outsourced to an external vendor.
Staying safe in The Cloud(™)
So you want the benefits of cloud computing, but want to minimize the risks of The Cloud(™)? There are a number of questions you should ask yourself when evaluating a vendor.
- If I outgrow this service provider, can I take my business elsewhere or am I locked into their system?
- How well can I customize this service provider’s service, or am I stuck with a one-size-fits-all approach?
- Do I trust the service provider’s infrastructure, especially with regard to data integrity laws in various countries?
How much each of those matters will depend on your business. However, remember the golden rule of The Cloud(™): It’s always someone else’s hard drive, subject to someone else’s business needs, not yours. Always make sure you have a backup plan to take your business elsewhere in a hurry should you ever need to.
Platform.sh as a Service
We of course feel Platform.sh does well on all of those questions. (This is our blog, after all.)
All of the server containers we offer are standard, popular Open Source products: PHP, MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, Solr… every one of them could be installed on any server, cloud-based or otherwise. All code is your code, available over Git. You can even bring your own Git repository from GitHub, BitBucket, or your own server if you want to. All data in any database or stored on disk can be downloaded with a few commands. There’s no proprietary lock in. Ever.
By design, a cluster on Platform.sh is highly customizable. What PHP version do you want? We offer 4, take your pick (but please pick PHP 7). You can even pick and choose which PHP extensions you want enabled. Want node.js? We have 3 versions of that. Need to have one of each? Or multiple PHP apps and a node.js app? You can do that, too. Pick a database, just add data.
While our main hosting infrastructure runs on Amazon AWS, there’s nothing Amazon-specific about it. In fact, we also offer European sovereign hosting through various partners in the UK, Germany, and France. (Expect more countries over time.)
And if you want to have your cloud and host it too, Platform.sh’s cluster software can be installed on your own physical hardware. That gives you the power of cloud computing with the self-reliance and control of self-hosting, rather than trusting The Cloud(™).
It’s good to be wary of The Cloud(™), and anyone who tells you it is the answer to all of your problems is probably trying to sell you something expensive. It may help, or not. But cloud computing is a powerful and cost-effective way to manage your software services, whether in The Cloud(™) or not.
With Platform.sh, you can get both.
See you around The Cloud(™).