If we have learned nothing from the recent Snowden revelations and stories of cloud outages the one irrefutable lesson we have learned is that you should always choose the most secure, most resilient cloud service, right? No!
I admit, in the wake of these events I frequently find myself stating, “not all clouds are created equal” in the context of discussing the need for more robust security or resilience. However there is another often overlooked, and perhaps more critical, aspect of this discussion: Not all needs are created equal. And within that simple statement there is great opportunity, and great risk.
It is an economic reality that the more resilience, the more security, the more anything you add to a service, the more that service will cost. Sure, cloud economics will often enable those services to be provided at a lower cost than other models, but does that mean we should invest in a level of service that we do not need? Of course not. We can leverage the fact that not all of our security, resilience, performance and service requirements are the same; and make intelligent, conscious choices about the level required for each business service.
However, in my experience, many cloud consumers start from the position that they need the highest level of security (resilience…) possible for every service. That can put cloud services out of reach for some, or it can lead to a terrible waste of resources. Furthermore, it can result in unfair comparisons between existing services and cloud services under consideration. I saw this a lot as a cloud provider inside the enterprise. Potential customers almost always expected the cloud service they were evaluating to have a higher degree of security and resilience than their existing services. Worse, they were almost always unaware they were making this unfair comparison.
Thus there is an opportunity for us to become more efficient through intelligent, conscious choices about these things. This is not really a new concept. But what about the risk I mentioned? How is it more risky to be more secure or resilient? Well, overspending is certainly risky. And unnecessary levels of service can result in complexity and poor service. But there’s more to it than that, and the impact can be amplified if you’re a service provider. That is a lesson I learned in a very painful way.
In the mid-2000s, as the popularity of our cloud service grew, our customer base (business users in the company) began to become more diverse, bringing with them additional service requirements. Being extremely customer-focused we added these levels of service – for everyone. Eventually we realized we were exceeding the capacity of our team, and our service levels were at risk. We were on the path to irrelevancy. Fortunately we were able to realize that it was entirely unnecessary to provide the same level of service and rigor to all customers and services. Careful evaluation of our customer requirements enabled us to provide better service, by providing less service to those whose requirements made it possible for us to offer less.
Diversity is a key economic lever. Embrace it, and you can deliver better business services and avoid the money pit.