"Larger organisations carry a lot of IT baggage built up over many years. Any new cloud-based solution needs to work with the existing infrastructure."
PA's Alastair McAulay, cloud expert
While IT departments may see the Cloud as a threat, senior managers are attracted to the lower cost and greater flexibility to respond to demand fluctuation and organisational changes. Beyond the hype, the benefits are significant but there are many issues that should be addressed - integration, security, resilience, governance and regulation compliance.
There is no doubt that the marketing efforts of cloud providers have raised awareness of cloud services among the wider business community. They have inspired many organisations to head for the clouds. The Asia Cloud Computing Association has recently reported that investment in cloud computing projects in China alone is expected to reach USD154 billion over the coming years. But marketing alone is not enough to explain the fact that cloud services are now being used in earnest.
From a business user’s perspective the cloud appears to be:
• easy to access from a modern user interface such as a browser or app
• capable of meeting the functional and capacity needs of the individual or business
• always on (with apparent 100 per cent availability) and accessible anywhere from any device
• able to deliver consistent and dependable performance
• a low-cost solution.
If this perspective seems to be fanciful, then consider the ordinary user’s experience of cloud services. Each of the above points would apply to a user’s view of their social networking service (Facebook, Sina) or their web search service (Google, Baidu) or their free picture hosting service (Flickr, AZNphotos). From the business user’s perspective they don’t appear to have their head in the clouds at all.
It comes as no surprise that the drive towards cloud within an organisation typically comes from the business, not its IT department. Established IT departments tend to see the cloud as a threat to their role as the gatekeeper to IT services. Its introduction is also perceived as bringing a raft of technical issues that IT departments would rather not deal with. In contrast, new start-ups see the cloud as an enabler, providing off-the-peg services that rival those of larger competitors but avoid the need to build costly IT infrastructures; the cloud effectively lowers competitive barriers. It is no surprise that start-ups are the keenest adopters of cloud services; as evidence, Amazon has just launched a program specifically aimed at encouraging Asian start-up companies to use its cloud hosting services.
But why are business leaders even considering a highly technical service such as the cloud in the first place? The answer lies in the way the cloud is being marketed: easy for anyone to understand, where a flexible service is supplied and managed by someone else. Cloud is also said to be cheaper than an in-house alternative. As the most well-known providers of cloud services, such as Microsoft, Amazon and Google, are also trusted household names, their products and services are already being used by those very same senior managers.
What this highlights is the discrepancy between perception and reality, between the views of senior management and end users, and those of the IT department who are charged with bringing the vision to life. Users are understandably only interested in the benefits that cloud can offer; the IT department is responsible for ensuring the cloud-based solution delivers to expectations.
The business case drivers are typically derived from the following benefits.
The perceived lower cost of cloud services is a major driver for all organisations irrespective of size. In reality the impact of cost savings and limited capital investment is likely to be disproportionately greater in smaller organisations.
Few organisations remain fixed in size and equally few applications have constant demands placed on them throughout their lifetime. The capacity of an IT infrastructure or software service to be scaled both up and down according to demand removes a significant headache facing many IT managers, especially when traditional bounded systems reach capacity.
‘Pain-free’ service evolution
Some SaaS providers boast that their services are always up to date, with new features and software revisions introduced seamlessly, sparing organisations the need to refresh their own infrastructures.
Cloud services typically offer a high level of availability, though not 100 per cent availability as is often assumed. Cloud providers – particularly larger providers – do also offer high levels of resilience through global replication.
Cloud services from major providers typically offer an anytime, anywhere capability. For Asian businesses that can be spread over multiple time zones and languages, a service such as Salesforce.com that supports Japanese, Thai and Korean languages will be very attractive.
Few would dispute that this is a great set of benefits; however, there are definitely issues that impact the IT organisation. Any credible business case must enlist the IT team to seek to address them. Typical issues and their potential mitigations are:
Integration and interworking issues
Larger organisations carry a lot of IT baggage built up over many years. Any new cloud-based solution needs to work with the existing infrastructure. Applications must continue to be able to share information across the cloud boundary and there must be minimum disruption to business.
Implementation plans must explicitly take account of the technical integration of the cloud with any core applications that are highly bound to the organisation’s IT infrastructure.
Security and privacy issues
Although security and privacy are important to all organisations, the ability of an organisation to manage security can vary dramatically.
Particular attention must be paid to how security is maintained, since even apparently small changes to a service can have security implications. Organisations should review with the supplier precisely how security will be maintained and the mechanism for reporting changes that might have an impact on security.
The level of resilience offered by the cloud varies depending on the size and type of provider. The larger providers (Google, Amazon, Microsoft) achieve high levels of resilience by distributing and replicating processing and data across many data centres. However, if data is lost, there need to be mechanisms to recover back to the original position.
Addressing this issue depends heavily on the type of cloud service - whether it is infrastructure, platform or software as a service. With infrastructure the most effective method of improving resilience is to use more than one cloud provider, ensuring that the two infrastructures are genuinely independent. The cloud customer then ensures that the applications running on the two infrastructures are synchronised.
IT governance issues
While the technical delivery of services may have been outsourced, supplier contract management and ongoing technical management of responses to changes made by cloud providers both require appropriately skilled staff who understand what changes the providers have made and their implications for customers.
Despite the cloud being in many senses a commodity, service providers still need to be managed just as traditional outsourced service providers are. The level of control cloud customers have will be less, but this only means cloud providers must communicate the likely impact of changes clearly.
Legal and regulatory issues
Closely allied to, and often driven by, security and privacy concerns, legal and regulatory requirements constrain the choice of cloud options available particularly to larger companies but also to smaller ones.
Legal and regulatory requirements are black and white. They have to be adhered to. Any regulated organisation or organisation governed by special legal requirements is obliged to seek written assurances from any potential cloud providers that they can meet those requirements. This is a particular challenge for the Asian geographies as there is a greater variance in regulatory environments than in the USA or within the European Union.
To their credit, service providers are stepping up to the mark and delivering solutions that meet general legal and regulatory requirements, and undoubtedly will increasingly seek to address regional ones as well.
In conclusion, the commodity nature of cloud services is both an advantage and a disadvantage. It lowers costs, delivers standardisation and provides relatively painless service upgrades; however, that also means that services are unlikely to meet the exact letter of any corporate requirement.
This pushes the responsibility for assessing the ability of cloud services to meet individual corporate requirements back on to the customer. The customer has to define what it wants in terms of security, privacy, resilience, integration capability and then conduct an assessment of what is on offer against those requirements.
Buyers need to keep focussed on both understanding the benefits and recognising the IT challenges to overcome.
Alastair McAulay is a cloud expert at PA Consulting Group.