Cloud Summer 2018

Which Applications Should The CIO Run In The Cloud?



Many organizations are starting to utilize the cloud for their enterprise applications. Before doing so it is prudent to consider the pros and cons of the private or public cloud environments and which applications may best be suited to make the most of the cloud.

Those applications that are very sensitive and delicate, or risky to move to a private cloud may be better left in the datacenter until an appropriately planned move with safeguards can be executed. Applications that the business depends on and which are very old but rock solid in the current environment may not be worth moving even into a private cloud but instead may require a planned obsolescence with a replacement made over a measured period of time.

Core, mission critical business applications that need high security or high control and governance are best kept in a private cloud environment. Mission support applications that may contain more sensitive information would also be candidates for the private cloud, for example, HR, Finance and email.

Applications that may utilize already public or non sensitive information may be candidates for the public cloud. This would include existing applications like web sites, or training applications and also new, rapidly deployed apps like mobile ‘branding’ apps. Applications that are not sensitive, but that need a lot of scaling or need to scale specifically at peak usage times, or require widespread geographic usage may also be best managed in a public cloud.


Business Needs:

The business needs the CIO to focus on providing a seamless, drama less business operations experience to all, while giving some departments and functions the ability to be more innovative, respond faster to threats and opportunities and all while keeping costs under control and possibly maintaining a tight cost reduction trajectory. These are seemingly conflicting, tough objectives to meet, but cloud computing offers some much needed assistance to the CIO.

In the typical datacenter, the IT team must take care of delivering the whole vertically integrated service of IT, from setting up and managing hardware and software, including compute, network and storage, to managing upgrades, deploying new applications and updating software and rendering other support.

In addition there are many service delivery operations and maintenance tasks, like monitoring performance, latencies, security and availability, which are expensive in terms of time and opportunity cost. The typical datacenter uses a vast range of experts that must be hired, trained, managed and deployed plus the technology that must be bought, managed, operated, updated and eventually managed to obsolescence in an efficient manner.

This incurs massive capital costs as well as operating expenses for the business, simply to deliver IT services. In a managed cloud environment, much of the infrastructure is managed by the cloud provider. They build the infrastructure and hire and train and deploy IT teams and sell the computing power to customers much as a utility and charge based upon what is used. Thus, converting these capital and operating costs into variable expense costs is a financial advantage. In addition, when a department (e.g. marketing, sales) must respond to a market change, such as a competitive threat, they need a new application or IT service to be put into service ASAP.

Conventional datacenter environments can be relatively slow in delivering such strategic applications. This is because there is such a large overhead of operational responsibilities that the strategic areas take a back seat due to lack of resources and time. It’s the requirement of driving the car on a highway while changing the oil and getting to your destination by the deadline – leaves little time or energy to add a rear spoiler or a turbocharger, or low profile wheels. After all, its possible the destination gets altered en route by the CEO, and the air filter needs changing right after the oil has been replaced.

Cloud computing environments offer a more flexible, on-demand, software driven infrastructure where different layers of the vertical stack can be managed more easily through software that can orchestrate and manage the workloads and applications in an intelligent manner delivering an agile, scalable, adaptive, sensing, and even self healing environment. For example, an application that is failing is constantly monitored via telemetrics and before it fails, leading indicators prompt the creation of a duplicate instance of the application in another server. As the first instance truly fails, the new instance can completely take over the load. In an old fashioned datacenter, such an app may have needed a duplicate server with application running constantly and be permanently on guard for a failure. This resulted in a completely redundant system with its concomitant costs, operating and maintenance resource requirements.

So now that we understand the advantages of the cloud, which applications should we put there?



The public cloud offers some distinct advantages like scalability, lower cost and some disadvantages like less control, lower security and privacy around the network and your application data. Thus, here are a few questions to ask before deciding whether to use the cloud or not for certain applications:

    • How secure must the application be? Including privacy of sensitive data, network, storage.
    • How much control or governance is needed over the application?
    • Are there governance requirements such as Sarbanes-Oxley, or HIPAA that must be observed?

What are the application needs in terms of:

    • Scalability – over time, as well as peak usage times
    • Dispersion – Is the application needed by users spanning a global or a large geographic region?
    • High availability – Is it required to be up and running 24×7 such as some ERP applications which are mission critical
    • Disaster recovery and business continuity – is it a highly mission critical application?
    • With which data and applications does the application communicate?
    • What are the storage and compute loading requirements over time, and is latency a factor?
    • Is there a short term project where a big data crunch exercise needs to be run? A super compute-intensive task may

Other factors include the business time pressure, cost pressure and willingness to take a risk. Some companies have tasked their CIOs with “Cloud First” initiatives where they expect the application to be first hosted in a pure (public) cloud environment. No training wheels. No safety nets. ‘Just Do It’ style.


Typical apps that could be managed in the cloud include:

Public cloud: Website, HR, non sensitive development (e.g. wire framing) and test systems, non sensitive customer facing apps, non-sensitive archivals, anti-malware or anti-virus applications

Private cloud: 24×7 ERP, Email, APS, SCM, Finance, CRM, SFA

Some of the following scenarios may also contribute to deciding when to place an app within a cloud. Is it a onetime big project that might need a lot of servers to process a huge task? For example, converting a whole library of research papers or books into PDFs might need hundreds of servers that an IT datacenter shouldn’t have to buy or support but should be able to ‘rent’ cost-effectively through a public cloud. Big data projects that require intense calculations (and therefore short bursts of extremely potent processing power, which is economically unjustifiable for the enterprise to buy)  for extracting meaningful information from huge reams of data are obvious candidates if the data is not sensitive.



Bottom Line:

Depending on the kind of application and its security, control, regulatory constraints, scalability and uptime requirements you could consider hosting it in the private cloud or in the public cloud.

Mission critical applications should be hosted in the private cloud. Some mission support apps and those apps that do not have high security or control or governance requirements could be hosted in a public cloud.

Make your list of applications and group them by security/sensitivity/control/governance and then understand the scalability and global requirements, separating out the applications that can be hosted in the private and public cloud.

Above all, understand the business objectives, needs and drivers. There may be hard requirements from above, to prioritize some new, innovative, competitive applications way above everything else. In that case, focusing on getting them into the cloud first and ‘making them rock’ so the company grabs some extra business or beats some dangerous threats, may become the CIO’s highest priority. At least until its time to change that oil again.