Re-examining CAD in the Cloud
Cloud applications have been around a long time. This blog is a great example of one. There are a lot of types of applications and data that are served up on the web. Companies use cloud because of the advantages:
- reduce IT infrastructure
- use any device that has internet connection
- no local install
- no local maintenance
- no special hardware requirements
- data automatically shared with whoever has access
- small organizations can get some of the infrastructure benefits of large organizations
It saves a lot of cost to avoid having the end user do so many things, like download, install, update the software every couple of weeks. If you think about how much time you spend doing those things, that’s a lot of avoided cost.
But at the same time, there is a lot you give up when you go to cloud apps.
- vendor lock-in
- control over your own data
- control over downtime
- a bigger concentration of data means a cloud provider is a bigger target
- There are still places with no internet service or slow internet service
- internet interruptions can corrupt your session
- cloud services aren’t always priced to save you money
- you may have to share servers with other customers
- the people maintaining your server, hardware and data don’t have the same priorities as you do
- you rely on another system you don’t control (electricity at local and cloud facility + internet + cloud service)
And here’s the thing: EVERYBODY gets hacked. This blog has been hacked a couple of times, and people get locked out weekly trying to get in even though there is no data prize waiting for them. The NSA has been hacked. The bigger the pot of gold, the more the crooks are going to try to bust in. People selling apps on the cloud want you to believe that they won’t get hacked. But whether it is exploiting vulnerabilities, or stolen or illegally sold credentials, the bad guys will get access eventually, and you may not even know it until its way too late. Data breaches are a daily occurrence, with or without professional security.
One answer is a hybrid approach – use a common shared installation, but behind the enterprise firewall. Right now installations that are big enough have their own private cloud installations. They get all of the advantages of cloud apps in distribution and centralized maintenance, but they have local control, and they are a smaller, less tempting data hacking target. Over time, the threshold for this type of installation should get smaller, and the software industry will cycle back to decentralization for medium sized organizations.
There’s a reason why the public cloud argument doesn’t universally ring true – and that’s because it doesn’t really make sense. In the same way that renting a car only makes sense in certain situations, and it’s never really the least expensive option. Centralization is always a bad thing for people who value their independence.
Matt-
You should really look at what Microsoft is offering these days. This might change your mind a bit and even show you that some of your objections to cloud can be resolved.
https://news.microsoft.com/innovation-stories/cloud-pc-windows-365/
Realize people this is not like AWS workspace..this is complete OS running on the cloud and your receiving device is just that..a display and input device. Think of all the logistics and steps required to on-board someone. From hardware ordering, receiving, configuring the laptop, setting up vpn, sending pc out to new hire, etc. This solution is login to MS account setup up user..send link..done. No worries about how to get your hardware back, repurposing the laptop, etc.
I would also like it if you would share some definitions for the readers.
I’ve found there are three types of “platforms”
1. On-Premise
2. Cloud Ready
3. Cloud Native
If we use these three “platforms”- because I can’t really come up with a better term at the moment- how does this affect your opinions on cloud tools?
This kind of thing works for organizations over a certain size or complexity. Some groups cannot give up that much control or independence .
I’m not sure what “control” a company is giving up? Can you expand on that a bit? I would also like to understand what you mean by “independence”? Can you provide us with a few examples? That will help me understand your positions a bit better.
One loss of control is that you have people with physical access to hardware with your data on it that you do not know, you have not vetted, and you in short don’t control the security around your data.
Another loss is that your data might be physically located on a shared server, and you have no idea what other organization you are sharing hardware with. Every share of this kind doubles your chance for a security breach. All sorts of loss of control if you are looking for it. If you have a reason to push the cloud idea, you will often not see threats for what they are. If the hardware is in a location you control with your employees, you have fewer layers of security to worry about. You can do backups when you choose. You can swap hardware on your schedule. You can do upgrades on your schedule. Mostly, when you stop paying for the cloud service, you lose your data, or at the very least someone else winds up with it, with no contractual incentive to secure it. Independence of this sort requires an investment in personnel, hardware, software, training, etc… but it’s not nearly as potentially costly as dependence.
There are times when it makes sense. For example, I use WordPress as a cloud app because it costs me nothing, and I can access from my desktop, laptop, tablet, phone, etc… Plus, all the data on the blog is stuff I want to share and make public anyway. The risk of hacking is left to real amateurs who need practice or are trying to make a name for themselves. There’s no real reward for hacking Dezignstuff.
Ralph, yes, waiting to see the public reaction to Onshape and cloud Autodesk has validated a lot of skepticism. Yes, there are some fanboys, but it’s all very muted. There’s no noisy revolution. There are some things about cloud cad I wish we could bring forward, but the business model isn’t very idealistic about user side improvements, the improvements are all from the business side, and just spun to sound like user improvements.
Waiting a few years for the hype cycle to flatten makes it possible to see the drawbacks that corporations don’t want customers knowing about.
Good summary of the pros and cons, Matt. One more negative item is that cloud-based software forces upgrades on you, which we know isn’t always a good thing.
Ralph, that is a very big point and gets bigger with the complexity of the software. CAD software which doesn’t seem complex to many outsiders is incredibly complex between the myriad of object it must create and the myriad of ways to create them, but then layer on customer specific combinations and workflows, and the testing scenarios go infinite. We all know that it is standard practice to wait 2 or 3 maintenance patches before jumping into a new version of CAD system “X” for many folks who view it as mission critical software, and that is given that those maintenance patches are not introducing new features but instead only fixes. What happens when every “patch” also introduces new features and you have no choice to take them? Always fighting new issues and developing workarounds would be my expectation. The really big enterprise cloud apps (ERP/PLM) have a “QA” server that customers are expected to test on prior to the production system being upgraded, but even then you have to have the staff and the schedule to do this regularly as you are on the software companies time table, not yours.
Howdy Matt,
So it sounds like your re-examination hasn’t made you feel like it’s the greatest thing since sliced bread?