Is the application cloud-ready? Many legacy applications weren't written with portability or virtualization in mind, and may be tied to very specific environments that can't be duplicated in the cloud. For example, they may run on older operating systems, require out of date drivers, use legacy databases or lack proper security. Other apps, like database or performance-intensive applications, may be best run on bare-metal. These include many financial services trading applications, where revenue is directly tied to how fast a transaction can be completed. Furthermore, regulations and industry practices may mean that public clouds are not yet a good choice for a subset of applications.
Can your cloud provider support these requirements, and with the level of availability needed? Is this a good case for an internal cloud service instead?
Can the service provider deliver the level of performance your application needs? Modern applications are written in tiers and each likely has a different performance and availability requirement. The front end, or web tier, can be easily distributed to provide the scalability and availability an application requires. The middle tier that provides the business logic may also have been written to accommodate a distributed server model for easy scaling and high availability. The back end, or data tier, is the most likely to require a single physical computing environment, so it is imperative that a defined approach to scaling and availability be put in place.
The questions to ask therefore are: Can the cloud service enable dynamic scaling of compute nodes when required? Will your data volume overwhelm the network pipe to the cloud? Is the service provider set up to handle complex tiered applications? Does your database need a bare metal server and if so what does it take to provision and manage it?
What level of security is required and can a public cloud provider meet it? While this has been a big focus of service providers in recent years, this still remains a concern. In fact, it is the primary reason that within the US federal government, private cloud spending in 2014 is projected to be $1.7 billion vs. $118.3 million on public clouds. However, in 2010, to increase the adoption of public cloud services by US government agencies, a program called FedRAMP was created to streamline the process of determining whether cloud services meet Federal security requirements. (In May 2013, Amazon Web Services passed the FedRAMP cloud security assessment, making it one of the first commercial cloud providers to be certified. This should speed the adoption of public cloud services in the US federal government.
In the enterprise world, while security concerns remain, they are lessening as enterprises get more experience with cloud services and as service providers focus on enhancing security. The recent Future of Cloud Survey from North Bridge Venture Partners and GigaOM shows that security as an inhibitor is declining year-over-year from 55% of respondents in 2012 to 46% in 2013.
Sign up for CIO Asia eNewsletters.