The Cloud Isn’t Risky (In The Way You Think)

A recent article from InfoWorld’s David Linthicum advocates that IT pros should understand the cost of an outage before deciding whether to move to cloud. To give this opinion weight, Linthicum refers to a guestimate, assembled by Brandon Butler at Network World, that during the 49 minutes Amazon was offline on January 31, it lost nearly $5 million in online sales.

$5 million is a lot of money. Ouch! And the bad press from such outages isn’t fun, either.

But I think Linthicum’s advice encourages a wrong-headed view of cloud risk.

Outages are a risk to any IT datacenter, whether it’s ad-hoc rats nests of cables in a few server closets, an SSAE 16-certified NOC run by hardcore corporate IT gurus, or a server bank from AWS or RackSpace. I used to cite meteors falling from the sky as an example of overly paranoid contingency planning–until Chelyabinsk.

You shouldn’t be costing outages just for cloud–you should be costing outages for all possible IT solutions, and comparing between them. Opportunity costs, tradeoffs, and bang-for-buck should all be thoughtfully processed.

I’d go one step further. The consummate experts at risk management–folks in the insurance industry–long ago realized that there’s a better way to manage risk than to choose the least risky alternative. It’s called diversification. No insurance company in its right mind would sink its entire asset pool into a single financial instrument, even if its analysts all agreed that they’d found one outlier that offered better returns and lower risk than all the other options.

So why are IT departments trying to choose between cloud and on-site?

Different IT solutions have different risk profiles–and “different” doesn’t always mean “better” or “worse.” Sometimes it just means “different.” Different is good. Chances are, a small company doesn’t have the deep pockets required to tolerate failures in power grids, damage from hurricanes, systemic internet routing failures, or sophisticated DDOS attacks. Heck, a lot of big companies don’t have the wherewithal, either.

That’s a risk-based argument for cloud.

On the other hand, when things go wrong in a public cloud, having a fallback that’s under your direct control can be the difference between life and death for your business.

That’s a risk-based argument against cloud.

But it’s not either/or–the smart money’s on both/and.

Both/and makes an excellent argument for private cloud, by the way. If you diversify, you’re probably better off managing your internal resources with approaches like those that govern public cloud. The mental model of cloud–even on-premises–is just friendlier to the pace of business. It makes failover easier, prevents vendor lock-in, and lets you shift the posture in your risk management portfolio without losing forward momentum. I’m seeing a lot of smart companies invest here; private cloud is the bedrock of Adaptive Computing’s business, and the space is growing … meteorically.

Facebook Twitter Email
  • Bill Neill

    This sounds like an excellent argument for Disaster Recovery implemented in a private cloud to back up a DC’s public cloud.

    • Daniel Hardman

      I agree. I used to work in the backup and DR markets, and I would probably experiment with that approach if someone gave me the task.