Apologies to BioTeam's Chris Dagdigian for stealing the title of this post from one of his slides at the CHI Cloud Computing conference in La Jolla this morning. Its true on so many levels - an overhyped platform with a silly name that people are probably sick to death of hearing about by now! Yet so many people have yet to even try it, and there is definitely real substance behind the hype. Listening to all the real-life use cases at this conference it is clear that cloud really works - but only for some people, some of the time. Like any other tool it has its uses but is not a cure-all. Clouds are great for certain tasks but not others, just as sticky tape will mend your torn paperwork but won't repair your broken china.
The question and answer session which Chris sat through after his talk focused almost exclusively on one area - security. I won't repeat the arguments as they've been said a million times already, but needless to say there are three key points to take home: that the cloud security is almost 99% certain to be better than yours at home, that anyone other than Amazon is likely to be kidding themselves that they can beat Amazon in terms of feature, service and cost levels, and that unfortunately we've only got Amazon's word for it that their data centres are secure (Amazon's own Jeff Barr admitted in the same Q&A session that the PCI auditors had to be educated about what cloud really meant, and had to rewrite some of their assessments and rules before being able to certify Amazon's setup - not necessarily a bad thing considering the novelty of the technology, but in the absence of a truly independent audit it does leave things open to conjecture to a certain extent).
In general the big message here in La Jolla is that people have succeeded with cloud in building systems never before feasible or affordable (Cycle Computing's 10,000 cores for $1060/hour being a case in point), but in other areas the technology has a way to go. For instance Amazon will provide you with lots of bare infrastructure but it leaves you to manage the application security, data encryption, and other key measures yourself. To handle this effectively is possible but requires in-depth knowledge and expensive sysadmins and security black-hats. You'll nearly always be better off buying in a prebuilt service for these situations than trying to replicate it yourself.