Cloud computing, which boils down to renting server space and software off premises, has become a massive growth target. Every large Internet enterprise is backing the public cloud and hoping to turn hosting your projects into a long term revenue stream. From a business perspective this makes perfect sense. Every CEO dreams of a bottomless pit of revenue pouring into their coffers, and in this age of information, those wannabe terabyte landlords are in a race to build the swankiest file hosting apartments. The cloud: What's not to love?
One of the best advantages of the cloud is that it is available anywhere there is an Internet connection, and for basic Angry Birds level usage the cloud is great. But at enterprise level, while the cloud is "making it rain" for some people, it is also getting a lot of others wet, and wet technology does not work!
When transitioning to a cloud hosted infrastructure, companies need to factor in security, compliance, cost, and scalability before deciding whether a third-party cloud solution or their own infrastructure aligns best with their strategies, and while the lure of the cloud is certainly strong, you need to be aware of what that really means.
Warning Signals
There are some disturbing warning signals coming from the cloud sector. What people thought had been encrypted and secured on trusted servers has been made accessible, as we now know from the Snowden leaks. Many of these plush file apartments come with big windows, and the landlords have been caught peeking in.
Why else would a major player's slogan be “Cloud computing you can trust”? There is a concerted effort being made by these large players to "cloud the argument", so to speak, and usually it doesn't require a particularly ideological system administrator to compromise security. The major cloud companies very often leak information because they are ordered to, or they are inept.
In an environment like this, when so much obfuscation abounds, there is a simple rule to follow when it comes to keeping your code safe. "If you don't hold it, you don't own it". Any enterprise level business whose survival depends on keeping a competitive advantage needs to ensure nobody can access their code. R&D departments could simply be fired if you can copy and paste another R&D department's research from the cloud.
In addition to these concerns, a cloud offering may even be a massive business barrier with some of your biggest customers. Abusing the cloud means risking your reputation. Countries like Brazil are aiming to circumvent all traffic going through the US, and large telecom providers are avoiding US servers and building out their own in house infrastructure. Ironically doing so while their marketing department tells you use their cloud.
The Purpose of Marketing and Sales
One of the most hyped cloud selling points is cost, and at first glance outsourcing your cloud hosting appears a lot cheaper. But that is why these companies hire marketing departments. You need to ensure you are comparing like with like.
Very often the price quoted omits some important features that you need to pay extra for. Of course these will only surface after you are signed up to that vendor lock-in clause. Try getting out of that when they have your company crown jewels on their servers, in a legal jurisdiction far far away.
Another hidden cost is the lack of flexibility. You control neither the hardware nor the applications, so you cannot customise them to your needs. Issues such as network latency, suboptimal default settings, server downtime, unsuitable message queuing extensions, and many other unadvertised drawbacks can really eat into your work day and reduce productivity. Your network speed may even be held hostage by the large ISP providers in a very modern version of highway robbery.
Once these promised savings evaporate and, instead of enjoying top shelf quality at rock bottom prices, your work is the property of a financially crippled landlord trying to increase the rent and selling peeks inside your code to those highly classified tech voyeurs out there, you may begin to feel uncomfortable.
The Lemming Dilemma
In the short term the cloud is the easy option, and it's the "safe" option, because you can point to a stack of hyped articles about the benefits that justify your decision. It is safe, as in, the safety of the herd!
But you are probably not paid to justify bad decisions, but to make good ones, and if you aim to stay ahead of the competition, the easy option isn't going to get you there. You have to take the right option even in the face of over whelming hype and do things your own way.
Take Control of your Future
The first step to enjoying the benefits of the cloud while never exposing yourself to the downsides of taking your private information public is to define what you need to achieve. Once you have defined what you need, then it is easy to break it down into achievable steps.
"I want to have full access and control over my own data. I don't want to sacrifice security in order to own it, and I don't want to depend on a third party to access it."
Securing your data, and being responsible for it, is the only decision any enterprise can reasonably take if they are serious about becoming a major player. You need to store your projects behind the firewall on your in house servers, play your cards close to your chest, and be in total control of your own data. And if you use some in house customisation on your setup, you can easily achieve big savings without having to fund the sales department bonus pool in another company.
Obviously this requires undertaking some extra effort and due diligence in the beginning, but when those terabyte landlords start increasing the rent, and you see other competitors trapped in the cloud looking to find a new place, then you'll be glad your files have a safe home of their own.
There is no excuse for not securing your code. The tools already exist to keep your projects totally secure and your teams perfectly integrated and collaborative. You can install RhodeCode Enterprise behind your firewall, and safely tucked inside your servers will be the best version control system available anywhere.
RhodeCode Enterprise was designed from the very first line of code with this kind of implementation in mind. It provides plugin support for secure user authentication. IP whitelisting to enable only those on your company VPN can access your code. A permissions dashboard to allow you easily manage who can access files, and a deeply integrated suite of collaboration tools to let your developers ship better code faster in the most secure environment possible.
RhodeCode Enterprise enables you to enjoy the benefits of what the cloud has to offer but puts you in charge. No one can view, copy, deny you access, or tamper with your hard work. This will allow you to stay high and dry, and miles ahead of the competition when they start to get bogged down under rainy clouds!
Brian