Without question, there is a great deal of buzz about public cloud computing and what it means for the future of IT.  Right now, IDC estimates that over the next five years as spending on public IT cloud services expands at a compound annual growth rate (CAGR) of 27.6%, from $21.5 billion in 2010 it will reach $72.9 billion in 2015.

So what exactly belongs in – and out of - the public cloud is much more than just an academic question - it is a fundamental and high-value business decision.

At its most basic, public cloud computing uses the Internet to make data and applications accessible on demand, without intervention, from remote hardware. In essence, it is an IT services delivery model.

For some, working in the public cloud means using a hosted application such as Salesforce.com.  For others, it means using a bare metal server and storage environment through Amazon.  Or it could be a holistic development environment like Force.com or Microsoft Azure. And, then there are a bunch of other providers such as Google, and IBM that are providing a combination of infrastructure, platforms, and software as public cloud services.

Sounds simple enough and a great way to optimize computing resources and increase IT services without building out and absorbing the costs associated with in-house data centers.  But, it is complicated and not the simple “on and off” switch that some would lead you to believe.Of specific concern is the fact that the public cloud is not one, simple homogenous environment. It is a whole bunch of things not dissimilar to the heterogeneous environments we have been dealing with in data centers for years: multiple hardware and OS platforms, new and legacy applications. 

The dirty little secret is that while the cloud is providing loads of computing options, it is also loading on tons of complexity, creating barriers to integration, and imposing limitations on interoperability. In short, public cloud is creating a new layer of vendor lock-in.

So you must have a clear idea of the cloud environment you will use before you select or design a specific application to run there. You cannot just pick up an application that is designed for Amazon EC2 and push it to Microsoft Azure. You cannot simply migrate an existing IT service from your in-house data center to run as a Google App. It simply isn’t going to work. Each application or service has to be designed or rebuilt to be compatible with a specific cloud environment.

This dirty little secret makes “cloud choice” a critical up-front requirement in adopting public cloud computing. Especially considering the high and rapidly increasing spend on public cloud, this also means cloud choice will have a significant long-term impact on both IT and business.

Would industry standards help? Without question. And organizations like the DMTF are indeed pursuing such standards.  But realistically, are we ever going to settle on one industry standard for all public cloud services and activities? Are we even going to have a useful and broadly adopted standard for cloud interoperability any time soon? The odds are strongly against it.

This is why public cloud computing brings management and security to the forefront. Management and security help IT professionals make the right public cloud choices up front, as well as in the long run, to improve interoperability and reduce (or avoid) the impact of service provider lock-in.

For example, new applications need to be developed for specific cloud environments. IT professionals will need cloud-savvy project and portfolio management to figure out how to best adapt existing waterfall and/or new agile development processes to support specific cloud environments. They will also need to apply security controls to adequately support not just current development teams, but potentially multiple teams, departments, geographies, and even companies.

For existing services and applications, IT professionals will need to understand their portfolio of services to decide exactly what is appropriate for the public cloud and what should stay in the internal data center. For services that will be migrated to the public cloud, management is essential to help decide which services should run where, and when they should run.

For both new and existing services, policies need to be applied to ensure IT is planning for appropriate performance, security, continuity, and compliance. Once services and applications are in the public cloud, real-time operations must then be managed to ensure that service levels and security are preserved.

After all, most public cloud servers are not sitting in your backyard. They are on some grid, possibly a long way from your main data center. IT professionals must be very careful about what runs out there. Initially, you might not want to run customer-centric or customer-critical data in the cloud. You may decide that high bandwidth transaction processing applications are never going to migrate to the public cloud.

On the other hand, applications that are more lightweight, or that provide little in the way of differentiation, such as email or Web servers, are doing enormously well in the cloud.

So, is cloud computing the new paradigm in the IT industry? The promise is enormous: the ability to pay-as-you go, lower hardware costs and introduce a flexibility that doesn’t exist today.

However, a move to the cloud has to be thoughtful and carefully planned. The technology landscape is littered with great ideas that did not succeed because they never got beyond the hype stage. It is also littered with great CIOs who have had to suffer the long-term consequences of just one bad decision. It is incumbent on the IT industry and CIOs in every enterprise to roll up their sleeves and make the hard choices wisely, to make public cloud computing real. If that happens, the true potential will be realized.