It’s a recurring theme: Developers, test engineers and QA teams are strapped with tight budgets, shortened schedules and increasing competition. Successfully delivering innovative products and services in this environment requires agility and rapid innovation. Yet the challenges are exacerbated by the difficulty in obtaining IT resources required to meet these objectives. The response to these challenges can vary, and an increasing number of organizations are considering moving development and test practices to the cloud.

Fortunately, the cloud has matured to a state where it can deliver real answers and proven approaches to overcoming these obstacles. In fact, Gartner has stated that cloud and mobility will drive the worldwide application development market to exceed US$10 billion. The cloud’s success is due in no small part to self-service provisioning and low entry costs.

Shrinking budgets and timelines are common problems that drive application development teams to consider adopting a cloud model. Provisioning IT resources through a self-service portal capability alone can cut days or even weeks of application delivery time by getting developers started faster and enabling QA to test more frequently. The cloud also encourages standardization of the systems and services used in the application life cycle. This helps reduce or eliminate costly delays due to configuration drift. The net effect ensures that businesses bring better quality products to market earlier than their competitors.

On the surface, it may seem that adopting a cloud solution for development and testing is as simple as swiping a credit card and firing up the service. That method works for individuals and ad hoc side projects, but it does not scale to suit business objectives. As with any change to core business practices or infrastructure, key considerations must be evaluated to ensure proper selection and utilization of a cloud used for development and test purposes. In my experience with cloud users, there are five key areas that every team should look at closely.

Security and control
Regardless of a company’s size, market or products, the need for security and control are paramount. This has become more evident in a post-Snowden world, and companies are broadening their security assessments. In this regard, it is helpful to be aware of differences in abilities among public and private clouds.

Used by tens of thousands of companies, public clouds are by definition operated by a third party. Without physical control over resources, customer concerns about the safety of storing customer data and corporate intellectual property are appropriate. Fortunately, there are cloud providers with broadly applicable certifications in SSAE 16 and ISO27001. Some cloud customers may also require specific certifications such as PCI DSS for payment systems, HIPAA for healthcare patient data, and FIPS 140-2 for government agencies.

By contrast, a private cloud is deployed within your own data center, secured and managed by your team of experts. The cloud should integrate with existing LDAP or Active Directory authentication systems. It should support fine-grained policies and role-based access controls, simplifying how your cloud administrators grant permissions and access to cloud resources. However, this cannot guarantee security or compliance; a thorough assessment by IT administrators and security or compliance teams is a must.

Many companies have concerns about being locked into a specific cloud solution. This can be due to worries about potential costs, concerns about business continuity in the event of cloud failure, or something else completely unforeseeable. Looking for cloud solutions that have adopted the industry-standard API makes it easier to dynamically shift workloads and data from one environment to another.

Interoperability among private and public clouds enables businesses to benefit from both, without changing tools and processes. For example, development and test activities can run on the private cloud without increasing monthly expenditures. Then the application can be deployed on the public cloud for scale and global reach.

When evaluating solutions, a common trap is to compare the performance of cloud-based compute and I/O with that of bare metal. This is not to say that raw speed is unimportant, but it does form too narrow a view. When evaluating cloud platforms, one must also consider how it may alter the performance of the application development processes.

Cloud platforms can dramatically reduce the time to procure, provision and configure new resources. By automating procurement through the cloud, teams have access to resources simultaneously, removing any lag time in that sense. The time it takes to configure new resources will be reduced as your team can both maximize the efficiency of a shared workload and quickly reallocate as needed.

Public cloud providers offer a specific set of machine configurations, each designed to accommodate particular use cases-for example, lots of RAM for memory-intensive services, faster CPU for rapid compute, etc. Private cloud platforms are deployed on your own equipment so you can design a cloud with required performance characteristics more efficiently. Of course, you pay more to gain better performance with either options, so be sure to estimate costs of a typical application in the cloud.

A cloud platform should support multiple monitoring levels to aid in administration, maintenance and troubleshooting. Nominally the cloud platform should provide visibility into the health and performance of the infrastructure, services, and provisioned resources.

Cloud infrastructure-level monitoring, relevant for private cloud options, should produce metrics regarding CPU, memory, disk and network I/O, among other performance indicators. With this information, IT or cloud infrastructure administrators can proactively ensure the cloud has the physical resources it needs to fulfill requests. Public cloud platforms manage the infrastructure as part of their business and shield customers from needing to monitor this.

Cloud services are the control system that handles the provisioning and management of cloud resources. The platform should have programmatic access to cloud services monitoring, so applications can detect potential issues and teams can take appropriate action. For example, if a data service running on the cloud is slow or unresponsive, the application may automatically launch a secondary data service.

Also be sure to review what the cloud platform can show about provisioned resources. Most have the ability to report on the state of a resource (started, stopped, terminated, etc.). Some allow end users to define additional attributes, like tagging, to make it easier to find and report on collections of resources.

Flexibility is one of the major selling points for organizations to move operations to the cloud. Consider choosing the cloud that best matches the application requirements and business goals while still allowing for maximum flexibility. As organizations scale, the need for flexibility heightens to accommodate for the increased demand in workload. The ability for teams to work synchronously regardless of location is crucial. This is especially true for agile technology companies that may see abrupt large spikes in demand.

To meet spikes in demand and unpredictable workloads, consider using both private and public clouds in a hybrid scenario. A hybrid cloud approach offers a unique perspective on flexibility, as you get the control and agility of the private cloud, and greater deployment scalability with the public cloud. The security of being able to keep information on-premise combined with the elasticity of scaling workloads are key components when developing and testing in the cloud-a hybrid approach can offer the best of both worlds. Many organizations are adopting this model as a way of future-proofing their broader IT strategy from both spectrums.

A well-planned cloud that’s designed for development and testing can dramatically reduce application development cycles. While I’ve laid out the five essential areas when evaluating a cloud strategy, consider each as it relates to your specific overall business goals. Taking these approaches and properly planning before taking the plunge can save companies unnecessary headache and ultimately save time, money and resources.

Shashi Mysore is the Director of Product Management at Eucalyptus Systems, where his responsibilities include overseeing all aspects of the product life cycle, from strategy to execution. Mysore obtained his MS and Ph.D. in Computer Science from the University of California at Santa Barbara, and is a recipient of several awards at internationally renowned conferences, including two IEEE Micro Top Pick awards.