On Feb 26th posted a piece in which I warned readers of the dangers of buying into CLOUD solutions without due care and without attention to all the little details they would pick through if they bought a small solution from me or even from an SME or “front of mind “, big noisy solution provider. On March 1st 2017, Amazon went down to the shock and horror of the media at large. I promise you I had nothing to do with it, but I did get a flood of emails, some of them quite amusing.
The HIC problem
No I am not referring to the HICKs of Hicksville but rather to the much more common problem of “Hiding in Crowds”. Closely related to the brand new evil you hear quoted everywhere, “ Populism”.
A populist is someone who, seeing his sweetheart taking a dip on the next plain, pretends to hear a lion and quickly convinces the herd to rush over there.
The HIC theory is sound enough for a plain dweller, if you are part of a large crowd the probability of being the one chosen for lunch by a marauder is very low, especially if you are careful not to stand out, I.E. don’t say or do anything different from the crowd.
If you are responsible for making key decisions on a modern organisation you can also retain some credibility after a disaster by saying , “Well everyone believed this at the time”, or ” look at all the others who fell for it”.
If you are a responsible individual or if this is your own money at risk then you simply can’t afford to be a HIC. What that means is making your own decisions on the basis of information, accepting the risks you can’t control and standing by your decisions, while always being open to new information and constantly monitoring your sources. E.G. You need to know who his sweetheart is.
Here are some thoughts to help anyone struggling with these decisions.
Some very strong arguments for investing in a cloud solution
- The IT department don’t want to give me a “NDB system” because it can’t be justified financially and won’t fit into the Enterprise Architecture just now. Who do they think they are, I’ll rent a cloud solution and I won’t even need to tell them let alone ask. That’s not as dumb as some might think. There are plenty of situations where this will be a good answer, just be sure that it is a temporary and not a long-term part of the business strategy and be absolutely clear that a: data is handled strictly within the law and b: You can get your data out safely when you need to and get it into another system. Remember you are responsible, not the cloud provider.
- I have no or an inadequate IT department and don’t want one because I won’t be able to control it. Instead I’ll get this cloud provider to give me the whole thing in one go and the problem is solved. You have to love it don’t you! If you truly do find the right solution available via this kind of deal that’s a big part of the problem solved, though by no means all of it. You are going to need a hell of lot of skilled man hours by some smart IT guys to arrive at that conclusion though and it will still be a best guess, just a very much better one.
- I don’t have and can’t or won’t raise the capital needed for this huge system I want, so I am going to rent it from a cloud provider and keep my capital working at the coal face. Not bad thinking on the face of it. Do consider the following: Are you really in business with insufficient access to capital to fund core process? I doubt it. Do you seriously make decisions about employment of capital in this way? Do you have a business case? If it says this is a good option, then given all the other ducks are in the right places, what are you waiting for?
- My business is made up of the original business plus a growing number of acquisitions around the globe, I am fed up of struggling with 7 different CRM systems and all the others, I want all of it in one system so nobody tells me again that the revenue from selling “tap”s was missed because 30% of sales were classified as “Faucets” and all the myriad of other such errors that turn my reports and dashboards into danger zones rather than information.
- I need my people around all of the group businesses working together to innovate and share ideas, but it is hard to achieve when they are working with so many different systems and using different vocabularies to discuss essentially the same thing. I want to migrate all of these businesses to cloud systems and administer them from Group Head Office, then we will be one business instead of 75
- I have fairly good systems and I am reasonably satisfied with what I have, but I need the ability to handle large demand spikes better and I need to prepare for an increase in the regularity and size of these spikes. Buying hardware to deal with this could be very costly and offer a low return on investment, given it would be redundant most of the time. I plan to extend my systems to encompass a cloud element so I can rapidly respond t short-term sever spikes in demand.
Some “gotchas” you really need to keep in mind
1 I need my CRM/ERP/other to be available via browser from anywhere in the world.
That is not cloud, that is Worldwide Web. It’s been around since the early 90s. You don’t need a cloud discussion, you need a web hosting provider and someone to find you a good free open source tool. If you don’t believe me, I have done tis more than once.
- My industry is highly regulated, e.g Pharma, Finance etc I need to bear this in mind.
My personal experience of this is based on Pharma, but I believe the principles are the same.
Right now there is a fledgling process for validating public clouds as suitable for specific types of data and sometimes or specific situations and geographies. Being a very new industry and a not well understood problem domain, the regulation is immature and almost certainly inadequate. If I were making a decision for the medium term, I’d be very slow to risk the future on what we know today and I certainly wouldn’t expose myself to any assumption that today’s regulation would be sufficient for tomorrow. Handle with extreme caution or stay way entirely is my personal view and that is based on knowing what we don’t know rather than any certainty.
- My business needs to be operating every day with no exceptions. Outbreak of war, epidemic you name it, this are more likely to be opportunities , or maybe the scenario is that I have a legal obligation to be operating. If this is you, don’t so it.
a. Using the cloud depends on the internet and increasingly on mobile phone signals. This is still an area for very mixed quality of availability and signal across most of the globe, but do bear in mind that Governments everywhere hold an off switch for the mobile phone network and internet, any kind of political crisis can at any time lead to a black out in one or many regions. Can you handle that?
a.i. The internet is not nearly as robust as people would have you believe. There are many points of failure and they are sought out and taken down from time to time. Logically, with all the publicity from the US election, this kind of thing will become more and more popular. Recently DYN the people who help with dynamic DNS issues were taken down bring the whole East Coast of Americas TV entertainment to a virtual halt and costing people like Amazon, Netflix and others fortunes in lost revenue. Expect more of this leading to more of above.
A.ii. Large providers such as Netflix for example are heavily exceeding their peering agreements or downstream traffic with the result that they are being throttled. This makes viewing almost impossible for many customers. Such throttling is perfectly legal and it is likely to be used as part of trade wars between rivals. Your business could easily become the innocent casualty in one of these battles.
- Since my days in the broadcast industry I remember the affect Netflix had on the Amazon cloud when they were busy processing film. It was a well-known phenomenon and it lead my client of that time away from that solution. There has been a catalogue of large outages on a fairly regular basis since the beginning of the cloud movement and I fail to understand why somehow, senior CIOs clearly began to conclude that AWS and others were “Too Big To Fail”. Well that is reserved for bankers. The cloud can and will fail. It is technology and politicians don’t have much of value hidden there, so don’t be foolish about this.
- If the “Too Big To Fail” cloud provider fails, or decides this is no longer profitable, I must be able to replicate all of these services and carry on in business.
Here is a simple piece of advice that I am grateful for having received a number of years ago.
“Nobody sits around dreaming up risks that could not happen and writing complex legal clauses to extricate them form the risk situation when it occurs.” Let me translate that into simpler English; Read the legal contract, if the terms of the contract render the cloud provider blameless in such a situation, then they believe there is a really good chance it might happen and they know more about it than you do.
Unless you can build and rehearse a viable strategy for recovery given the reality of what might happen, you probably should stay away.
- Even if it were feasible, I wouldn’t put my entire business into a single cloud ERP and expect to live happily ever after, I need to be able integrate my systems in order that my people have efficient processes and data is not re-keyed repeatedly and I have an “almost trustworthy” view of the business to support decisions.
This is an area I have struggled with many times over a number of years and I can add to that the experience with non-cloud but WWW systems before that. I have had a close and personal look at a number of leading cloud solutions and the variation in the quality of APIs provided is quite remarkable. One or two provided very consistent a comprehensive APIs, but the majority simply paid lip service the idea.
Even when integrating one of the better ones with systems “back at the ranch” we constantly ran into dead-ends where something we wanted, simply could not be done.
No is not a word I have ever accepted at face value and in the world of technology my first reaction always is, yes it can be done, even if we have to invent it. When your data is locked in a cloud data store that sometimes even the operator can’t understand with certainty and more to the point, you are not allowed any access to it, then it is beyond your reach unless the API provides access. Hence, “No API, no Data” Any architect will tell you to avoid going direct to the data store and I agree totally, but once in a while when the goals is big enough and there is no other way, it saves the day. Not with cloud services, unless of course you are referring to your own service built on PAAS or IAAS, see below. That is a different scenario and outside today’s scope.
Some definitions and buzzwords you need to keep an eye on
There are so many experts out there and so many levels of depth different people want that I hesitated to add this, but hopefully this will help some users. If you need deeper explanations google will find you more than you bargained for.
Cloud. It began with the little cloud icons used to denote internet, and now it seems to have settled as any system you access via the internet rather than on you own infrastructure. There is always an exception and this case it is the cloud you build on your infrastructure, see the next item and don’t get too hung up on this.
Private cloud. This is about using the idea and the tools of the cloud to build a central resource on your own infrastructure. The benefits are for example ability to virtualise servers of any size for a specific task thus offering tremendous flexibility and potential savings, though licensing systems in cloud is a hugely complex area and a real minefield for assumptions about future costs.
Hybrid cloud This is simply a combination of the two above joined virtually to provide a single network so that the public part of your cloud appears and functions in almost every way like it were your local private cloud. This gives tremendous flexibility with an ability to rapidly scale for sudden changes and reduces complexity at least at a superficial level.
PAAS. This is really just the cloud providers renting you out the systems on which they build their applications. It is very similar in ways to renting virtual servers from a hosting organisation and building your application on that. The same principles apply. It saves a lot of time and capital investment and is especially useful when you want the ability to fail cheaply with something.
IAAS. This is as PAAS except that they are only renting you the infrastructure .
Within this are some very useful services that provide an end to end Continuous integration pipeline ready to log in and start developing software. This is hugely valuable to software business not just impacting cost but also quality and consistency.