Thursday, December 2, 2010

Private Clouds? Can They Exist? Are They Necessary?

An incredibly popular concept amongst those of us following business use of cloud computing is the private cloud. As near as I can tell, it's basically supposed to be a kind-of "cloud with benefits," combining the advantages of the public cloud with "enterprise-class" data protection, manageability, security and/or other features, depending on who's asking, who's answering and when.

But here's a thing -- is the idea of a private cloud an oxymoron?

My friend and fellow MIT escapee Peter Coffee is Head of Platform Research at He recently collected several disparate blog entries and related thoughts into the following, which I find to be interesting, well reasoned and thought provoking. He gave me permission to distribute it, so the text from it appears below in its entirety. (Peter adds: "this material is freely usable under Creative Commons Attribution-NoDerivs 3.0 United States as specified at")

Private Clouds, Flat Earths and Unicorns
Peter Coffee | Head of Platform Research, inc.

A “preference” is not a choice unless the “preferred” thing actually exists. I might “prefer” a flat earth (literally, not in the Tom Friedman sense) to this pesky, not-quite-spherical planet that requires us to have time zones: I might prefer to have the whole world doing business on one common clock, and flipping between day and night like a planet-sized coin, but that's not a feasible option.

In the same vein of confusing fantasy with reality, I've lately seen dozens of statements asserting that IT managers “prefer a private cloud.” It's time to insist that a preference is only relevant when there's actually a choice to be made. The label of “private cloud” is more associated with a desire than a choice.

When someone says that they would “prefer a private cloud,” the actual attributes of desire seem to be physical possession of the data and operational control of the infrastructure. It’s impossible to have these things and still enjoy the defining benefits of the cloud.
• If you have physical possession of the data, you also have to own and maintain the data storage hardware and software.
• If you have operational control of the infrastructure, you also have to employ and supervise a team of expensive experts who spend too much of their time on tasks that add no competitive advantage to the firm – while wasting costly skills as they wait to respond to events that are critical, but in practice are quite rare.

In either case, you're structurally embedding unproductive costs – and blocking yourself from enjoying the massive economies that the cloud should be providing.

If desires are on Side 1, fears of lost capability are on Side 2 of the broken record of oft-repeated excuses for shunning true multi-tenant clouds. People routinely express concerns, whether real or pretended, about security, compliance, and the customization and integration that enterprise IT capabilities require. Let’s bust some myths.
• Security in cloud services can be constructed, maintained and operated at levels that are far beyond what's cost-effective for almost any individual company or organization. Further, it's inherent in multi-tenancy that security must address the sum of all fears of all customers: in satisfying the most demanding customers in every respect, the enterprise-grade cloud service provider will wind up exceeding the needs of almost every individual organization while sharing the costs of security on a massive scale.
• Compliance with regimens including HIPAA, Sarbanes-Oxley and other commonly encountered laws and regulations is more a challenge of policy and practice than of technology. The discipline and clarity of service invocations in true cloud environments can greatly aid the control of access, and the auditability of actions, that are dauntingly expensive and complex to achieve in traditional IT settings.
• Customization and integration of cloud services are neither intrinsically better nor inherently worse than the capabilities of an on-premise stack. There are rigid and inflexible systems, and there are powerful and productive process engineering environments, available in either kind of setting. Buyers will do best when they ask for what they need, instead of asking for what they assume they have to tolerate.

When a survey asks IT buyers to express a choice between public and private clouds, it's like asking a fairy-tale princess whether she'd rather ride a horse or a unicorn. The unicorn sure sounds better, and survey results will likely reflect that appeal.

In this or any other situation that invites a choice between a reality and a fantasy, the fantasy can be expected to get more votes – except from grown-ups, who are expected to know when something is not actually an option. Professionals do their job by making the best possible choice – among the options that are actually at hand.

Independent industry experts have lately added their voices to the debunking of the “private cloud” label. In November 2010, blogger and consultant Phil Wainewright offered this forthright advice to CIOs who are being offered a “private cloud” proposition:

The whole point of cloud computing is to be able to operate in the cloud — in that global, 24×7, connected universe where you can instantly reach and interact with your customers, your partners and your mobile employees, as well as tapping into an expanding cornucopia of third-party resources and services that can help you achieve business results faster, better and at lower cost.

Those who say that cloud is just a deployment choice, just a technology option, have shut their eyes to the wider opportunity and potential that the cloud context opens up. They’re still building application platforms and business systems that are designed without any acknowledgement of that global web of connections and resources — as if in today’s business environment, being connected is just an afterthought, an optional extra. Maybe for some applications it is, but their numbers are shrinking daily.

Further, this is now becoming a global and even geopolitical conversation. In Canada, for example, I recently read a warning against turning that country into a "technology ghetto" whose industries will be constrained "to a standard of technical stagnation and inefficiency" by failure to use the cloud to best advantage. If financial capital is wasted on imported technology that doesn't yield economic advantage, and if intellectual capital is wasted on complex tasks that are necessary but not differentiating for employers or entrepreneurs, then enterprise and national goals will not be met – or will, at a minimum, be deferred.

Peter's thoughts inspired me to post a discussion question about private clouds at You can join that discussion by visiting Or you can share your thoughts and reactions here, or with me directly via e-mail to I have a feeling this is an issue that isn't going away any time soon. Should be fun!


  1. The Public vs Private cloud debate is a lot like the "marriage" vs "civil union" debate (you thought THAT debate was heated?). Personally, I have no problem with a global firm deciding to implement a private deployment system that looks like a cloud with one tenant, and calling it a cloud or a monkey - I think that naming argument detracts from the debate. I sat in on a panel session this week where an audience member indignantly said it couldn't be a cloud if services were not provisioned and priced "by the drink". OK, I didn't know that he owned the word "cloud" like Facebook apparently owns the word Face.

    To me, this has always been an abstraction vs binding issue - the cloud (with its least restrictive definition) allows high abstraction and late binding, which provides the user with more flexibility and potentially lower pricing.

    If people get religious about the "public" requirement to use the name "cloud" I don't think it really helps. Personally, I think 99.999% of the cloud apps will be in public clouds, but saying that you can't have a private cloud sounds like saying you can't have an intranet. Let's focus on where we agree, and just have a different name for the other stuff.

  2. If it were merely a question of naming, I'd have no problem with people calling their data center whatever they please. My concern is that people will think that "private" (an attractive adjective) modifies "cloud" (an attractive noun) to produce something better, when the fact is that building a new data center is...building a new data center, no matter how well managed it may be. If forklifts and shovels are involved, with or without a garnish of virtualization, then there will still be capital budgeting limitations and delays; there will still be merely incremental economies of scale, compared to true cloud services that radically accelerate business initiatives and hugely reduce IT operating costs.

