There's an interesting dichotomy in the early data IDC is collecting about how secure IT execs at big companies feel about cloud computing.
The ones who use public clouds from Amazon, Rackspace, Microsoft or others -- almost regardless of the size of the service provider -- are pretty confident in the security and reliability of the cloud, according to IDC security analyst Phil Hochmuth.
Those who are building, using or planning private clouds -- which are far more secure and offer many more ways for customers to control performance and capacity allocation -- are a lot more nervous about security and performance.
They're secretive, uncertain about the reliability of the technology, the skills of their staffs and a little paranoid about the risk to their data, application performance and return on the investment.
Private clouds, in this context, means they're building a layer of software onto their data centers that allow them to shift application workloads around, reallocate memory, storage, compute power and other IT resources to the workloads that need the most oomph at the moment, and consolidate data, security and management in one "place."
Private clouds that are housed by external service providers operate just like traditional outsourcing or hosting services, except the systems are built out as cloud servers rather than traditional hosted servers. Applications still run on virtual machines and can be controlled or moved around in the same way they can with clouds inside the data center. All a company's virtual machines run on physical servers devoted only to it, however. Network links between the external private cloud and internal data centers are either dedicated lines or heavily encrypted VPN tunnels.
Public cloud services run VMs from several companies on a single physical machine, and share networking bandwidth on the way in and out of the facility.
Given how much less secure a public cloud appears to be, the dichotomy between the two groups of execs is odd, though it echoes reactions I've heard interviewing CIOs using or building clouds as well.
I assumed it was just a difference between happy go lucky early adopters and those who are a little more cautious.
Actually it has more to do with how seriously IT execs take the cloud and what they put on it, Hochmuth says.
Those using public clouds do it as a source of temporary extra capacity, as a place to run short-term marketing projects or surveys, non-critical web sites or collaboration applications or other things that wouldn't cause career-ending problems if there was a problem with them.
Those building private clouds are doing it to make their core IT operations more effective. They're paranoid about security and reliability because they can't afford failures in either.
Ultimately, the paranoid, cautious, secretive private-cloud users are the early adopters, using a new and comparatively untested technology to make potentially huge changes in their costs, flexibility and effectiveness.
Those using public clouds are just messing around, using an inexpensive resource to do things they might not do at all if it weren't available.
They may be considering larger migrations to clouds, but on the whole, they're waiting to see how it works out for others first.
The data are still preliminary, the analysis isn't finished, and my characterizations undoubtedly go a lot further than those Hochmuth will offer when the study is published in a few weeks.
Still, reversing my assumptions about which cloud users are early adopters and which are late explains a lot of the attitudes and decisions that seem contradictory otherwise, and aren't as obvious with technology migrations that are less sweeping than the cloud or that pose less of a risk to those that venture out on them with critical systems rather than those they're willing to throw away.