Is Public Cloud Ready for A Mission-Critical System?

2006 can be regarded as the year that saw the birth of commercial cloud computing, with Amazon Web Services (AWS) being the first to launch a modern cloud infrastructure known as the Amazon Elastic Compute Cloud. Google launched the Google App Engine in 2008 as a PaaS (Platform as a Service), which was known as the Google Cloud Platform (GCP). It later added the Google Compute Engine which formed the IaaS (Infrastructure as a Service) offering and the evolution continued. Between 2010 and 2013, Microsoft had launched its cloud infrastructure, providing similar services like the AWS.

Similarly, IBM, who was a late adopter, started cloud offerings in 2011. Many other players have also emerged within the cloud computing space offering a variety of services, which include the Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). With IaaS, the Cloud Service Provider (CSP) owns the infrastructure (The servers, storages, networking, and virtualisation) but allows the subscribers the flexibility to manage the operating systems, the applications, the data and the runtime environment. The subscriber is also responsible for the security of the runtime environment. For the PaaS, the CSP owns the infrastructure and additionally manages the operating system and the runtime environment, and by implication is also responsible for the security of the environment. Still, the subscriber manages the data and the application. With the SaaS, the CSP manages the entire platform from the infrastructure down to the runtime and applications. The subscriber is just provided with a front-end access for data input and console for application administration.

There has been a bit of apprehension that trailed the adoption of cloud in Nigeria, basically because of infrastructure deficit. In Nigeria, many organisations have adopted cloud in one form or the other, and the prevalence is mostly seen among SMEs, who may not afford the burden of on-premise infrastructure in terms of cost and administration.

The question remains if the public cloud is ready for mission-critical systems. Most large enterprises that have adopted some form of cloud infrastructure till today, still run a hybrid system, keeping some of their mission-critical systems on-premise. Also moving some ancillary services to the cloud in what they sometimes refer to as phased migration strategy. Information gathered from most people interviewed is that they want to watch the evolution of cloud business in terms of security. In comparison, others explained that the phased migration strategy is based on the outcome of a risk assessment conducted for their various mission-critical services. The financial services sector is one prime example of a sector that is not yet ready to move the core banking application and other critical services to the cloud.

Whether the public cloud is ready for mission-critical systems is still a question that is subject to debate. Understandably, most of the proponents of full cloud adoption revolve around companies that do not provide mission-critical services. According to Alexander Pasik, the Chief Information Officer of the IEEE, the cloud is ready for prime time, and concerns about security and even availability are overblown. His defence is that providers’ track records of reliability, along with the fact that IT management is their core competence, should allay fears about the perceived stumbling blocks of security and availability. Progress has been made from an availability standpoint. Yet, there remain some gaps yet to be closed.

Latency is one of those that is yet to be addressed. Major milestone has been achieved with the proliferation of Fibre deployment both for last mile connectivity and long-haul services. The average latency still stands beyond 100ms and most of the mission-critical applications require lower latencies to perform optimally. Also, the cost of the internet circuits is another factor. On the other side of the argument is the reliability that comes with the cloud adoption. Typically, in Nigeria power supply is erratic and companies depend so much on alternative power sources to power up the infrastructure. The reliability and continuity, particularly in the face of very poor power infrastructure or a major disaster, coupled with the elastic approach of scaling resources that is more efficient and cost effective is in fact much better in the cloud.

From a security standpoint, the fears are still mounting. Today, there are regulatory and compliance programs like the PCIDSS that discourages exposing systems that contain cardholder information over the internet. Security is still a major concern as most financial institutions are still wary about migrating their mission-critical services to the cloud, citing low maturity in cloud governance. Government agencies are still mandated not to store government data on the public cloud

In conclusion, there has been a lot of advancement in the capabilities of the public cloud infrastructure, they include, the pandemic induced WFH model, the elasticity of the cloud model, the power infrastructure state of the Nigeria power supply, the need for high availability service levels, improved cloud security, and cost-efficiency. All of these point to the fact that migration to the cloud still offers a better business advantage than on-premise infrastructure.