The touted cost savings associated with cloud services didn't pan out for Ernie Neuman, not because the savings weren't real, but because the use of the service got out of hand.
When he worked in IT for the Cole & Weber advertising firm in Seattle two and a half years ago, Neuman enlisted cloud services from a provider called Tier3, but had to bail because the costs quickly overran the budget, a victim of what he calls cloud sprawl - the uncontrolled growth of virtual servers as developers set them up at will, then abandoned them to work on other servers without shutting down the servers they no longer need.
Whereas he expected the developers to use up to 25 virtual servers, the actual number hit 70 or so. "The bills were out of control compared with what the business planned to spend," he says.
CLOUD SECURITY: Interop: Cloud services take a beating in debate over security
He tried modifying policies around use of the virtual servers so they could be used only from 7 a.m. to 7 p.m. But that didn't work either because inevitably deadlines had to be met that required violating the new policy.
Ultimately, the business built its own VMware cloud that supports up to 100 virtual servers.
Since then Neumann has moved on to being IT director for Big Fish Games, which makes computer and online games, and where he has given cloud service another shot, but with similar results.
Big Fish again hired server capacity from Amazon to launch an experimental Facebook game. "Then the game was very successful," he says. "It was great to be in the cloud because it could scale so quickly, but the costs got out of control."
So again he pulled the content from the cloud and hosted the game in-house, a move that paid for itself in three months with the savings from not having to pay the cloud bill, he says. "Performance issues didn't drive the change," he says, but the experience has jaded him a bit. "Now we're cloud averse. We don't even talk about it."
In order to return to the cloud, he says Big Fish would need to be working on a specific project that would benefit from a cloud service.
Earlier, when he was still at Cole & Weber, Neuman ran into a different problem with cloud provider Teremark (now part of Verizon) that was related more to the relatively young service provider growing so fast that it couldn't effectively manage its services. As a result the advertising agency brought all its SQL deployment - which had been virtualized in the Teremark cloud - in-house on physical servers.
Other lessons he learned include examining service-level agreements (SLA) carefully, because he finds the ones he's run into don't actually agree to much. "You can have a big outage and it's not far off the SLA," he says. If a provider offers 99% uptime that equates to 7 1/2 hours per month of down time. "That's a day," he says.
Overall, he's suspicious of cloud security because he doesn't really get to examine it. "I think it's inherently insecure because I don't control it," he says.
Providers say, for example, that they are SAS 70 compliant in network defenses, but he worries about threats from employees of the provider. "Just like everyone else, their biggest threat is internal," he says.
Until reliable cloud security standards are established, he would avoid putting critical applications there unless he got to examine the provider's security. "I would pretty much have to know everything about what they do," he says.
Even then there are uncertainties. For instance, if data is housed in a particular data center, but the provider expands or data is replicated to another data center in the cloud provider's network, how will he know the second site is as secure?
Tier 3, the provider he used for a SQL virtual deployment, was good about explaining and documenting its security, he says, but still it wanted customers to take some responsibility. "Their stance was you need to take measures yourself," he says.
He says the IT department tries to be as flexible as possible to support projects, but the reality is that the costs of cloud services are difficult to project accurately. "It's really an unknown," he says. "If you use it for six months and it costs the same as buying physical hardware, then you have to switch."
Read more about data center in Network World's Data Center section.