Friday, July 31, 2009

Scattered clouds

So where is this "cloud" physically ... in meat space.

I went to find out. First, I started with a very helpful grid courtesy of John L. Willis's IT Management and Cloud Blog at That provided the names of the known vendors and what they provide.

The next question was, Where were they providing these services? That is, where were the actual data centers located? I got that from a combination of company web sites, regulatory filings, my own industry experience and a fantastic online resource called Data Center Knowledge at

Here's what I came up with ...

Now, I don't guarantee that this is 100% correct. It's just a first pass. I'd appreciate any comments or corrections.
Have a better day,

Thursday, July 30, 2009

Brain cloud

In a comment on an earlier entry, a reader who wishes to be known only as Alec referred to the "knowledge concentration" that a third-party provider brings. He was talking about the ASP model, but acknowledges this holds for cloud providers as well.

This knowledge concentration means that deployment "requires about 10% less effort than a customer-hosted one of the same size and complexity," according to Alec, whose statement also suggests this might hold for incident management.

But I think there's even more to it than that.

If your labor is 10% more efficient, then that's time that they can be spending on value-add projects rather than keeping the lights on. Most business cases I've seen would grant that this is a 10% savings, but that would only be true if your cloud provider's cost per person-hour were the same as your badged employees'. But you're not fishing from the same pool. If your data center is in a rural or semi-rural area where skilled workers are hard to find, then you're paying a premium for them. If you're in a major metro, you're paying a premium just on the burden rate -- and then you can consider higher salaries. But cloud infrastructure is in places with affordable labor markets where there's a concentration of IT skills. So that adds to the bargain.

And we're not just talking about the tape monkeys and board jockeys here. The higher up you go up the skills ladder, the better the payoff is likely to be. Unix admins? LAN admins? Hypervisor gurus?

Also, if your cloud's team is 10% more efficient than your home-grown team, that means that your systems are back up and running 10% faster. What's that worth in terms of productivity? Customer satisfaction? Revenue? (By the way, don't count revenue in a business case. It's misleading as all get-out. But I think it's fair to include EBIT or EBITDA, depending on whether you're presenting a cash- or accrual-basis case, respectively.)

One last point about cloud labor costs versus in-house: Growth. What are you projecting for wage inflation next year -- 3%? 3.5%? Whatever it is, it's just a projection. You really don't know. You'd be remiss not to add a risk factor to that. Depending on the size of your shop, three or four longstanding employees who know where all the bodies are buried could blow that estimate straight out of the water.

And then what are you paying them to do? You're paying them to deliver an adequate standard of service. Adequacy is defined by a service level agreement between you and ... uh ... you. There's no real penalty for violating it, except that you get an earful from the end users.

But with a cloud provider, you have a contract. You know exactly how much it'll cost next year to maintain a specific service level. If that SLA is violated, you get an agreed-to rebate. Otherwise, you know what you're paying and know what you're getting.

Wednesday, July 22, 2009

Lost on the Op-Ed page

First, sorry for the disappearing act. I was given the brief to start this blog in my spare time, then they took away my spare time. I've got the work-life balance to post at least every few days now going forward.

But I'm not going to blog just to blog. One thing that prompted me out of remission was an op-ed piece in the New York Times by Harvard Law's Jonathan Zittrain. As with many Ivy types, he makes some remarks that are obvious given a moment's thought, are expressed very well, and not quantified worth a damn.

Zittrain's thesis is that the cloud is a dangerous place. It's great to have all your data backed up offsite but -- and this is why we need Harvard on the job, to think of these things for us -- What If Something Goes Wrong?

The infrastructure could fail. The keepers of that infrastructure might even betray your confidential information. Right to privacy -- a dubious enough concept in the real world -- is practically non-existent online. Under the Patriot Act, the government can grab your data without a warrant just as easily as it could tap your phone. And then heaven help you if you're actually sending packets outside U.S. borders!

All good points, Professor Zittrain. The op-ed piece was directed at a general readership (although most Times subscribers would probably bristle at that characterization) and was focused more on personal computing. So it's not surprising that they're nothing that any decent CIO hasn't already thought of.

The questions, then, are how real are these risks? How can they be mitigated? And most important: How much could they cost you?

Real? Sure they're real. System failure is definitely real. Industrial espionage is a possibility. Beyond that, maybe we're just descending into paranoia.

Zittrain suggests some public policy solutions to mitigate: Fair practices law could compel cloud providers to send your data back to you upon one-click request and delete it from their own devices. Other privacy protection statutes could be enacted. And of course cloud customers can take matters into their own hands by improving their encryption and deploying other security options.

At what cost, then? Legislation is expensive, but doesn't tend to hit the CIO's p&l statement. Industry groups have lobbying firms on retainer; it may be time for industry groups to put Zittrain's public policy initiatives on the front burner. Security can be costly; I've had clients whose firewall servers consisted of $50,000/year of software stacked on $5,000 (one-time) worth of hardware. But that just reminds me of what's been written on bumper stickers about school district taxes: "If you think education is expensive, try ignorance."

Zittrain hits on one critical hidden cost of the cloud, and on this point I think he's quite right and actually displays the kind of foresight that Harvard people are supposed to display on a regular basis: The cloud could shackle innovation.

"Both the most difficult challenge -- both to grast and to solve -- of the cloud is its effect on our freedom to innovate," Zittrain writes. "The crucial legacy of the personal computer is that anyone can write code for it and give or sell that code to you -- and the vendors of the PC and its operating system have no more say about it than your phone company does about which answering machine you decide to buy."

(Answering machine? They still sell those?)

The point, again directed at the personal computing public, is well taken in the corporate world. If you have people on your team who love to tinker and are good at it, the cloud will put opportunities out of their reach.

They won't be able to write spaghetti code. They won't be able to forget to tell anyone about it and never enter their changes into the CMDB. They won't be able to cause outages just by going on vacation. They won't be able to negotiate outrageous raises because they're the only ones who understand the "improvements" they made. They won't be able to retire at 39 and come back as $400/hour consultants at 40.

Instead, such monkeying around can only be done by people who do the same system administration and operation tasks day in and day out for a variety of customers with similar requirements, applying their professionalism and knowledge concentration seemlessly and invisibly.

Hmm, maybe the standardization benefit outweighs the innovation cost.