5 ways the cloud will change in 2012 by Fortune Editors @FortuneMagazine December 21, 2011, 5:13 PM EST E-mail Tweet Facebook Google Plus Linkedin Share icons In 2011, cloud computing demonstrated that it was a major driver of change in the IT industry. Organizations of all types and sizes began using the hybrid cloud — a combination of public and private cloud computing — in earnest. What can we look forward to in 2012? The private cloud won’t go away, but grow bigger. Many early cloud projects were the result of developers frustrated by slow IT provisioning times. They took advantage of the ability to get rapid access to raw computing power from public cloud providers using little more than a corporate credit card. This lead pundits to posit that IT’s function had failed and that the public cloud was the One True Way. Thus the private cloud, a dedicated on-demand IT infrastructure within the four walls of an organization, was somehow not “true cloud,” and public cloud providers argued that private cloud should not exist because it wasn’t flexible or cheap. I call this the “holier than thou” argument. There are two problems with this idea. The first is an inherent contradiction: one cannot castigate IT departments for being inflexible when they are using private cloud to deliver a flexible, on-demand computing environment for their businesses. The second is that there are plenty of pragmatic business reasons why organizations find it easier and cheaper to deploy within existing data centers. Established, regulator-approved security and data privacy controls and processes are one example. In theory it shouldn’t matter where computing is done, but in practice it matters a lot. As one Wall Street CIO put it at a roundtable I attended: “Of course risk is the issue. If I can run it [the application] on a private cloud and pass audit, why run it elsewhere?” The hybrid cloud will continue to grow. Public cloud usage has driven a revolution in computing, especially for hard-to-forecast customer-facing applications. Private clouds are essential to organizations dealing with regulators, standards and other non-technical issues that are crucial to running business applications. The choice is driven by the needs of the business and the application, ensuring that hybrid clouds, making use of both public and private clouds as appropriate, will continue to be the pragmatic decision for most organizations. Platform-as-a-Service will win the hearts of developers. Developer-centric cloud infrastructure (IaaS) services have grown rapidly by providing high productivity environments for rapid application development and deployment. But platform-as-a-service (PaaS) represents a quantum leap in productivity and flexibility for application developers by further simplifying the development process. It does this by abstracting away virtual machines, operating systems and other extraneous details that are not germane to application development. For application transformation or brand new applications, PaaS is simply a more productive environment for developers. And that means less business for IaaS clouds targeting developers. Further outages will drive awareness of differences in service quality. Amazon’s AMZN well-publicized 2011 outages were a wake-up call for many who had erroneously assumed that there was any kind of performance or uptime guarantee for a cloud service. The good news: there are hundreds of cloud providers who offer actual service level guarantees and who have engineered their cloud offerings so they’re inherently more reliable. This shatters the notion that cloud computing is a commodity like electricity. It isn’t — the details matter, and what you don’t know can hurt your cloud application. There are qualities of a cloud service like high availability that are delivered through investment in infrastructure, people and processes — and that’s what differentiates providers. Clouds engineered with little or no investment in high availability may be superficially cheap, but you’ll have to pay to devise, code and operate your own availability systems from scratch. Organizations will continue to assume that private clouds have Hogwarts-like magical security protections. Those familiar with Harry Potter know that the Hogwarts School of Witchcraft and Wizardry is magically protected against those who would do its inhabitants ill. The same cannot be said for your organization’s own four walls, but this seems to be the fundamental assumption applied to private clouds: the top objection to any kind of off-premises cloud is security. All that matters are the actual security controls in place, and the processes to audit and verify that those controls are in fact there and functioning correctly. This is universally true, regardless of whether you own the walls, lease them, or they belong to a third party provider. Owning or leasing the walls doesn’t gain you magical protection. Fundamentally, this is an irrational belief that mere facts cannot challenge, which is why it will persist until there is more widespread experience, comfort and acceptance of off-premises providers. Mathew Lodge is Senior Director in VMware’s Cloud Services group. Mathew has 20 years’ diverse experience in cloud computing and product leadership. He has built compilers and distributed systems for projects like the International Space Station, helped connect six countries to the Internet for the first time, and managed a $630 million-plus router product line at Cisco. Prior to VMware, Mathew was Senior Director at Symantec, where he led go-to-market for its $1 billion-plus information management group.