The Recession and The Cloud
One of the few hot themes in software and services investing right now is 'the cloud', an easily scalable pool of computing or storage resources located in the network, and (usually) run by someone else. Along with bona fide new entrants, every surviving grid computing company and also-ran virtualization venture is getting a 'cloud' label slapped on it (and 'green' besides, of course). What's going on, given the general state of IT spending amidst a global recession?
Part of what's going on is precisely that recession. Short term adoption of virtualization (and cloud itself) within the enterprise data center is being slowed by the usual caution and cuts in IT spending associated with an economic downturn. Every investment proposal gets hard scrutiny and had better have a short-term, low-risk ROI. Virtualization and cloud might actually offer those returns, but it's a hard sell considering the radical operational transformations they imply in the data center.
Meanwhile, the public cloud is getting an inadvertent boost from the recession. Amazon Web Services (AWS) has been joined by Google, RackSpace, EMC and a bunch of others in providing storage and computing on demand. It's the latest step in reducing capital requirements for starting up venture or enterprise software and services projects. The combined reductions created by off-shoring and open source had already led to what I've called two-stage ventures, where engineering to the point of market test could be accomplished with minimal startup funds. Now public cloud offers the would-be net entrepreneur a way to avoid both the upfront costs of putting service infrastructure in place for a launch, and the 'success failure' risk of not being able to obtain capital or equipment fast enough if the offering turns out to be a hit. In an extremely tough fundraising environment, staying capital-light as long as possible is just the ticket. The upshot will be even more 'below the radar' ventures launched on personal or angel funds, and only turning to venture when and if they prove demand and require external capital to scale their marketing.
A similar argument holds for the recession-beleaguered enterprise. Public cloud plays well in a capital constrained environment. The new department level project or customer-facing venture can start on a public cloud, without implicating the operational pattern of existing infrastructure, or having to consider the capex requirements of building capacity to host and scale the software. Rather than put all innovations on hold, business unit managers may be willing to take a risk on a public cloud provider and worry about internalizing the project when and if it succeeds.
Being well-aware of lock-in risks, enterprise managers will make sure they have the ability to pull their services into their own 'private cloud', in part or whole, sometime in the future. This suggests that ventures like Eucalyptus Systems, which allow emulation of a public cloud API on a private infrastructure, are well-positioned. It's also a good bet that applications born on a public cloud, where redundancy and surge capacity are built in, may continue to rely on public infrastructure for these contingencies, rather than deal with the capex and operational implications of internalizing them. This suggests that public providers will not be substantially threatened by 'privatization' of the cloud, but that management platforms extending across private and public clouds are a good long term bet.
The Cloud Over The Cloud
That doesn't make everything sweetness and light. Putting sensitive data onto a cloud provider's infrastructure doesn't remove security risks - it could compound them. The enterprise or startup handling PII or PCI-compliant data isn't going to get a break just because it's been pushed onto S3 or another storage provider. The software stack deployed on a public cloud is still vulnerable to attack from the network, and it may be more difficult to monitor would-be intrusions from afar. One also has to assume that the cloud provider is successfully maintaining separation of applications against inadvertent or malicious compromise by others on the same infrastructure. Even those who encrypt their sensitive data when at rest in a public storage cloud have to acknowledge that it will be brought into the clear at the moment of processing in a public computing cloud, and that will happen beyond the usual corporate security perimeter. Extending security and privacy monitoring and control into public clouds is another spot for entrepreneuring, though the long term advantage may go to incumbents in the enterprise market.
Then there's that 'green' claim. It seems perfectly reasonable that an application that's deployed on a virtualized infrastructure or a public cloud will suck less power than one which has dedicated resources, no matter how cunning the energy management scheme on the latter. There are a number of before/after and side-by-side comparisons that support the logic, though with wildly varying estimates of energy savings. What seems to be totally missing is any form of ongoing energy accounting. The moment the question changes from "Are you saving energy?" to "How much energy does this really use?", the answer comes up empty. So far as I've found, there is no solution for 'front to back' monitoring of direct and indirect energy usage by applications running on a virtualized or cloud infrastructure. Whether greenery ever comes to point of requiring an audit trail is a speculation, but if so, there is a market hole.
Buzz Phrases and Pundits
Then there's the risk that hangs over all terms that become industry buzz words: semantic heat death. Shortly after something is declared hot, the label will be hung on every venture in sight, and about the same time the ill-informed pundits will start to outnumber the useful analysts. Jonathan Zittrain's recent NY Times article is a bad example in point (BugMeNot). There he properly worries about privacy of data in a cloud, but sloppily confounds the term with another business model: audiences. Zittrain worries about the freedom to innovate in Facebook's cloud, and thereby participates in the semantic destruction of the term. Ask yourself this: Is anyone running an app on Facebook because of their awesome infrastructure or open architecture? Give me a break. The only reason anyone's there is access to the Facebook audience, in the hope of monetizing that exposure in some way. Similarly with his bad example of Apple's iPhone store. Who knows or cares how the backend infrastructure for the app store is built? It's all about access to Apple's customer base. Are Facebook's or Apple's management going to suddenly shift their business models from audience building to open infrastructure provider, and abandoned the value they've created? Give me a break again. Jeff Bezos figured out the distinction: you can buy your public cloud infrastructure from AWS, but it doesn't come with access to amazon.com's customer base. But that's too much analysis for lawyers trying to make political points.
Actually using 'cloud' as an analytic concept is going to get ever harder as time goes on, so those in the field had better be backstopping their new buzz phrase with some explicit description of what they are offering and why.