Will “fake” clouds stall your enterprise cloud transformation?


This article originally appeared in Forbes


“The cloud? Sure, we're in the cloud. We ported our on-prem solution to a virtual machine.”

Heard that from your network hardware vendor recently? Don't blame Jane Salesperson. She's been selling appliances for years. It's what she knows. It's what she's commissioned on. For her, and for the appliance company for which she works, the cloud has always been on the horizon. For vendors like Jane's employer, the cloud may represent a threat to traditional hardware product lines.

So, Jane’s employer moves its solution to the cloud — only it’s not a real cloud. It’s fake. It’s the same technology, now further away.

The push for the cloud

IT leaders face corporate pressure to migrate to the cloud. Loyalty to a known technology can be an understandable barrier to change, and buying "the same thing but in the cloud" is an attractive option. But it may not be the way to drive growth. Moving to a cloud virtual machine (VM) of the same security hardware technology you used before doesn’t provide new scalability to perform full SSL inspection, nor does it provide redundancy, improved service availability or greater bandwidth.

Remember BPOS? It was the precursor to Office 365 from Microsoft (a Zscaler customer). BPOS offered hosted apps including Exchange and SharePoint, but it became a victim of its own success: It didn't scale. BPOS and simple VM architectures exploited a centralized-computing model. But they were single-tenancy-designed solutions ported to the cloud, and more users meant constrained bandwidth and degraded network performance.

The great value proposition of cloud computing lies in distributed access. When cloud solutions are widely distributed across hosting providers, they scale to accommodate volume, providing bandwidth and low-latency application access. Early SaaS pioneers like Salesforce and Workday got it. Remember Siebel? They didn't. PeopleSoft? According to Ahmed Limam, a journalist with years of experience in the HRIS space, they didn't either.


The seductive, illusory appeal of a fake cloud

Back to Jane Salesperson. Her hardware scales by appliance. Want more bandwidth? Buy another physical machine and maintain it.

Meanwhile, your enterprise users demand access to the internet, to the cloud and to internal resources. Bandwidth needs to grow faster than you can add racks. Switching to Microsoft Office 365? Expect port use to increase by at least a factor of 10. As traffic increases, MPLS routing complexity coupled with secure web gateway bottlenecks adds latency, negatively affecting user experience.

Jane’s vendor may stress they have a cloud solution. But it’s a fake cloud. It replicates the hardware solution without adding scale. You can’t put a thousand VCRs in a data center and call it Netflix. Though you might save a little on rack space, you will have to keep adding virtual machines at different locations to handle your traffic growth. And that’s going to get expensive.

Here's an analogy: Manufacturing science aims to optimize assembly lines. Is WIP piling up? Accelerate other activities to reduce it. But relocating (or reallocating) a bottleneck doesn’t solve the problem if throughput doesn’t improve or is capped. If Jane’s technology solution only moves the bottleneck to the cloud, it may not be the right long-term solution for your enterprise.

To be clear, your organization can always stick with Jane’s solution. You can keep your hardware and your applications (including messaging or conferencing apps like Skype) on-prem. You can even follow Jane into the fake cloud. But recognize the impact of that strategic decision: It works in an environment where network latency is minimal, multitenant scalability is less of a priority, cost is no object and cloud transformation isn’t on the roadmap.


The true cloud: multitenant, distributed, and scalable

Cloud services like messaging, conferencing and security connect traffic from one endpoint to another. Contrast that with cloud applications like Salesforce, Workday or Office 365, which serve as the destination themselves. For cloud services, a “true” solution must be distributed and scale with traffic growth. Hosting a cloud service like Skype or Zoom in the same way as a destination application may technically work, but the user experience will leave some users wanting.

So, when Jane next pitches you on her cloud service, consider the following:

  • Understand the distinctions between edge- and centralized-computing tiers for cloud services. If your vendor pitches a service solution with 130 supported edge sites but only 24 compute sites, it’s that second-tier 24 that’s the bottleneck. Proximity and distribution matter. Backhauling from the edge to more centralized compute regions is not the same as fully processing and inspecting traffic at the edge (where the functions are closer to the user).
  • Demand a multitenant architecture. Your vendor’s cloud solution must be able to scale to accommodate your growth as you migrate applications, resources and users to the cloud. Only a multitenant architecture can deliver the economies of scale required to deliver rich, interactive and reliable services in the cloud.
  • Assess pricing. It's obvious perhaps, but pricing can illustrate the distribution constraints. If your cloud-solution provider’s model requires you to replicate virtual hardware at different locations to achieve a breadth of scale, it’s going to get costly fast.
  • Gauge management impact. Replicating an on-premises solution in the cloud doesn’t change form factor. Though the solution may scale (expensively) with added VMs, will your organization scale to accommodate the greater management-oversight footprint?
  • Demand performance metrics for each tier of your vendor solution’s cloud architecture. Then compare and contrast with both hardware-only and cloud-only competitive and substitute alternatives.
  • Diversify cloud-hosting providers. Netflix notwithstanding, can your pitched multitenant cloud solution run off Azure, Amazon Web Services and GCP clouds? Ideally, can it run off of all three to minimize network hopping?

Choosing the right solution for your business

The lesson here is that—thanks to virtualization—anyone can be in the cloud. But for cloud services like messaging, conferencing and security, a single-tenant approach isn’t going to scale to accommodate growth. Jane’s fake cloud may very well be a good-enough solution for companies taking baby steps to the cloud. Change is hard! But ultimately, a true cloud solution will be faster, more scalable and more affordable for most businesses.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Patrick Foxhoven is CIO and VP of Emerging Technologies for Zscaler

