Web 2.0 Watch

“Bob” (not his real name), is a CTO of a small, but very promising Internet startup that is developing an application that leverages the power of social marketing in a unique way – a cutting edge e-commerce Web 2.0 company.

As a small company (roughly a dozen developers and testers on staff), this Bob’s company is using a popular cloud service (let’s call them Acme) for their development and testing environments, as well as proof of concept web sites.

In a very interesting talk with Bob and his colleagues, I was surprised to find them ambivalent about a full time commitment to the cloud. “Acme’s” cloud environment is scalable and flexible in terms of computing power. For a startup that does not have unlimited resources, it is a godsend – on paper. But there were three big issues that troubled the CTO.

• Reliability – Acme’s cloud system suffered three different outages over a year. Two were relatively minor, the third lasted nine hours. NINE hours – on a weekend. The lead developer wound up having to rebuild an instance on the server altogether – not a pleasant experience. Imagine a Proof of Concept site that expects heavy retail traffic going out for hours. 

I know what you’re thinking – what about the ability of certain cloud applications to auto-scale and switch over to backup servers? Well, it is not included in the “basic” package if you will, it costs extra. As a senior developer (who had been working on the project for a year) explained to me – Acme works with flat rates. Cost can become an issue once computing expands beyond a certain point. An suitable analogy is to think of the Acme model as being charged as if you were taking a ride in a taxi, a constant charge no matter what the usage. Small companies want to be charged as if they were using a cell phone, with price breaks for heavy usage or multiple features. I found it a bit odd that Acme’s marketing people couldn’t cobble together a deal of that nature.

• Security – Acme is not PCI complaint. Hence, that can make a CTO queasy and potential client CTOs positively nervous. Granted, security issues should always be assumed to be your personal responsibility. I’ve often thought that cloud security is an issue that often has the onus solely misplaced on the cloud provider. , I believe that companies should always take full responsibility for their security.  I’m reminded of my last trip to a parking garage:  It was well-lit, there was conspicuous security – and there was a very large sign that read, “We are not responsible for your valuables – please lock them away.” Sound advice. Bob and his team decided to develop a protocol to deal with denial of service attacks, among other issues.

• Flexibility – Call it a tipping point. Bob’s team was involved in the analysis of a defect tracking system. Three viable candidates were indentified and installed in the cloud. The applications worked, except for one rather significant feature - Email notification. You see, any competent defect tracking tool provides email notification – vital to developers and QA personnel alike, and provides a tight SDLC. It is possible to send mail from Acme’s environment, but since spammers sometimes find cloud environments hospitable to mail spam to you and I, mail from Acme is rejected by many mail servers as a cautionary measure. The routing of Bugzilla email went through a Yahoo server, and surprise – no email was received by anyone. With each application unable to send any mail, another environment had to be found.

As "Tom", a veteran developer told me, “If I need 100 servers and their computing power for a month for some interesting research I do, renting space in the cloud makes a hell of a lot of sense. But if I need computing power for a prolonged period of time…man, that’s too much money.”

Security, Cost-effectiveness, and the ability to accommodate communications in the cloud between 3^rd parties. This doesn’t mean that The Cloud is in trouble with small businesses – but it does highlight issues that must be met head on as small businesses become larger and demand more communications between customers and the business, as well as internally.