Since last year I have been discussing Cloud Computing. Cloud Computing, both at events such as meetings and conversations with customers. In fact, it’s getting harder to participate in any conversation about this subject without IT failure.

But I still feel that ignorance is great. Much curiosity, but little action. Well, these conversations collected an ever-recurring question, which I will share with you here on the blog.

One question is “What can I operate in a cloud?”. In practice a cloud environment will not solve all the problems of an IT company. There will be applications that will work very well in the clouds and others not. A typical example of applications that can be moved clouds are Web 2.0 applications, collaborative environments (such as email, webconferencing, wikis and blogs), e-learning, simulations, computing systems and analytical development and testing environments. Moreover, a cloud can be used for applications that require the so-called “cloud burstings” on occasions in which the computational demand grows too. An example: an e-commerce application that offers promotions “must see” for short periods of time.

Others, especially those that require a high level of integration with legacy systems or have rigid boundaries to get better performance on servers operated in the traditional manner.

However, when we talk about Cloud we are not talking just about public clouds, but clouds of private or internal to the company firewall, see for instance splunk cloud services, availed by various companies. An internal cloud, apparently, is confined to a cloud computing data center company. Some applications may be in public clouds like mashups that make heavy use of external platforms such as Facebook. But, others that require a greater need for control and strict adherence to regulatory restrictions or compliance shall be within the firewall, on private clouds.

When using a public cloud, pass responsibility for the operation to the cloud hosting provider. For small businesses, with security procedures and fragile recovery (which is quite common), can be an attractive alternative. But for larger companies, with rules and control procedures, the use of public clouds is more restricted. For these companies, the use of hybrid or private clouds, where only part of the service is in public clouds is the most appropriate strategy.

Moreover, the issue of privacy and security always comes at the talks on cloud computing. Using a public or external clouds is quite different from using a traditional hosting service. In the latter you know exactly where your servers are and what you share, and do not share with other companies. In a cloud outside, it does not. You do not know where the provider’s data center, and much less on that server, your files and applications will run. Even if they are in your own country. Auditors are beginning to question how to audit applications and services on public clouds. Some public cloud providers will not like to open their operational procedures, considered “state secrets” to external auditors or forensic investigations.

Another important aspect that should be considered: the cloud provider’s ability to provide adequate services in terms of security and privacy. It is for users to make sure he can be trusted, questioning techniques and analyzing their data protection, authentication and control procedures, segregation of data between users, and if they have proper documentation for the audit process.

Compliance is another factor to be considered on the issue of using public or private clouds. Some legal and regulatory constraints may prevent a company from public to use clouds for certain applications or services. And the legal aspects of contracts with public clouds must be well evaluated. For example, what happens if you do not continue to use specified provider? How long it will provide data for your company so you run into another provider and if there are guarantees that the copies stored in their data centers will be destroyed. As we see, often it is necessary that the law should be involved.