On paper, it is easy to see what is driving public cloud uptake. Yet theory and reality are never fully aligned, and in the rush to the public cloud, many organisations are finding it is not quite the promised land they thought it was. First, there is the migration itself. Not all business applications can be easily migrated, whether they are legacy applications with multiple dependencies, or applications running on physical hardware or legacy platforms such as Solaris, AIX, IBM mainframe. The process can be lengthy and consume much of in-house IT teams’ resource too, which is likely in demand form other areas of the business to deliver on planned transformation initiatives.
This forces businesses to consider whether they need to Rehost, Replatform, Repurchase, Refactor, Retire and Retain. While this is a vital process when considering infrastructure transformation and a move to any new environment (not just public cloud), it belies the apparent simplicity of moving to public cloud. Second, there’s the cost of migration itself (incorporating the six Rs above). Depending on what is being migrated, there can be a crossover point where moving to public cloud is more expensive than sticking to an on-premise data centre or private cloud set-up. Third, many sectors have a need for compute to be close to where data is being generated to meet their
processing demands. In the public sector, that includes healthcare and the drive to smart cities, particularly at a local government level. As will be explored later in this paper, having a centralised public cloud handling, analysing and storing large volumes of data generated by devices and sensors at the edge of networks can rapidly become very expensive.
Fourth, there is the question of security. Are public clouds secure? Are public cloud providers a target for attacks? For the latter,
the answer is of course yes, and while the answer to the former is less clear cut, it is worth considering that any public cloud that is easily hacked would not remain in business for long. However, as Mark Elliott, EMEA Theater Lead at Dell Technologies points out, “the very concept of public cloud, where data is in no fixed place, makes it harder for people to accept that it is as secure as other alternatives. This also has compliance implications. We’re seeing a rise in questions about data sovereignty, because
public sector organisations need to know where their citizens’ data is. Customers in both central and local governments are particularly keen to know if public cloud providers can deliver the assurances and transparency they need to demonstrate in their delivery of public services. In addition, there’s trust. It’s not easy to build trust with an organisation that you can’t build a relationship with, what’s needed is trust, and with that accountability. That’s a tricky question to answer.”
One option to combat particular security concerns is to split applications across different environments – for instance having front-end elements in a public cloud to meet the need for agility and flexibility, with databases left on-premise or in private clouds. There are some virtues to this approach, but it does bring with it rising network costs as data transfers increases.
Fifth, we have generic public cloud Service Levels Agreements (SLAs) and Service Level Objectives (SLOs), which are
determined by the providers themselves and don’t align with the specific business needs and dependencies of the public sector. If maximum uptime and service accountability are important to your critical business applications, then public cloud offerings may not be a good fit. Elliott, for example, notes that “Public cloud’s entire model is based around providing a standard, consistent service for all tenants. For certain workloads, this might be fine, but many CIOs may find that standard service level agreements fail to meet their organisational needs.” That could mean needing to pay extra to have advanced SLAs, which further increases their overall expenditure (and brings that crossover point closer again). In addition, a service that can be acquired with a credit card is less likely to have dedicated support,
which means making changes to the service or resolving issues can be less straightforward, negating some of the flexibility that public cloud should usually provide.
