The potential benefits of cloud computing are by now well understood. The task the IT community faces is to develop the operating practices that will ensure that the promise of cloud is realised, while the potential dangers of the delivery model are not. This was the topic of Information Age‘s Hosting & Managed Services event that took place in London in April.
According to Dr Katy Ring, director at analyst group K2 Advisory, cloud computing itself is not so much a revolutionary development as the latest step in an ongoing shift within IT. “Cloud is very much the topic of the year,” she told delegates. “[But] it’s only the latest manifestation of a profound industry change that has been happening for more than 15 years.”
Dr Ring cited network computing (as touted by Oracle and Sun during the 1990s), software-as-a-service (SaaS) and utility computing as previous incarnations of the same phenomenon. She said the cloud is currently still outside the mainstream of business computing. “There is a lot of experimentation [with cloud] going on in small pockets of organisations,” she said. “But we’ve now reached the point where the consideration is whether it can be pushed forward to become a more central part of an organisation.”
Dr Ring predicted that medium-sized businesses will lead the way in cloud adoption, thanks to their relative agility compared to larger organisations.
The security concerns that have slowed adoption are understandable but have been “over-hyped”, Ring said. A recent K2 survey found that a third of respondents believe that the cloud provides neither stronger nor weaker defenses than traditional client-server computing.
“In a cloud environment, service providers can call on extra defensive resources like filtering and re-routing, they can roll out new security patches more efficiently and can keep more evidence for diagnostics,” she explained. “There are benefits as well as drawbacks.”
Exactly where traditional hosting ends and cloud computing begins is a debate that has been perennially muddied by the myriad of definitions applied to the cloud. Conference delegates heard Chris Higgins, product and services development manager of SunGard Availability Services, explain in detail where the differences lie.
While both models are delivered via a shared distributed computing and pooled network environment, he explained, cloud computing benefits from instant scalability and elasticity, allowing business requirements to be met on demand. “[Cloud] is being able to match and mirror the needs of a business in real-time,” Higgins said.
But cloud is by no means the perfect fit for every organisation, he continued. The multi-tenant nature of cloud computing services contrasts with the dedicated server environments offered by managed hosting vendors and this can be a key differentiator when choosing which services model to go with, Higgins said.
This contrast is of particular relevance when issues of data regulation come into play, a thread picked up by Paul Court, technical director at managed hosting vendor Claranet.
Court focused on the difficulties of achieving compliance in the cloud. “The premise of cloud is that customers don’t need to know or care where their data is,” he claimed. “Most of the certifications assume that the organisation controls everything.”
Businesses operating in France, he said by way of example, are required by law to hold any information relating to French citizens within national borders.
He placed specific emphasis on payment card industry standard PCI DSS, with which all merchants that process payments must comply. The standard stipulates that cardholder data must be encrypted when it is transmitted across public networks and that security systems are tested regularly. Both of these are nearly impossible to guarantee in the cloud, Court argued.
Today, managed hosting providers are more likely to satisfy regulatory requirements than cloud providers, Court argued, as they grant customers greater control over system specifications. But he expects the compliance issues surrounding cloud to resolve as the model matures. “The IT department is going to use cloud – it makes good sense,” he concluded. “We’ll get over these objections.”
Departmental politics
A number of presenters at the Hosting & Managed Services event alluded to the organisational impact of cloud computing, a technology that places a question mark over the IT department as it is known today.
Martin Hingley, director of research consultancy ITCandor, explicitly addressed the political impact of organisations adopting cloud computing and how the technology is transforming existing perceptions of IT departments within business.
There are four main parties within a typical business that the cloud affects – financial directors, developers, CIOs and end users. “These groups often compete for resources and don’t always talk to each other,” he told delegates, “and cloud is a confusing function for them.”
For example, Hingley highlighted that end users may be capable of buying in IT services, such as SaaS from Salesforce.com, without notifying the IT department, while financial directors are faced with the task of managing relevant contracts and balancing operational and capital expenditures.
While all of this is happening, Hingley added, the CIO is left with the difficult task of administrating a complicated mix of legacy systems and disparate, bought-in cloud services. “Cloud can be used to disaggregate control of IT within an organisation,” he explained.
But organisational change is nothing to be scared of, argued Grant Tanner, business development director of Star Internet, as long as it delivers value.
Indeed, Tanner advised against simply recreating existing infrastructure in the cloud, suggesting instead that organisations embrace the transformative aspects of the delivery model, which he claimed can include significant cost savings and improved service levels.
That said, the move itself must not incur additional cost, Tanner warned. “You should be doing cloud from a [cash] net neutral position, if not less,” he explained. “IT directors do not want to risk the wrath of the board by asking for more money for cloud computing.”
Transformation does not stop when the migration is complete, he added. Buying organisations should require that their supplier improves the service continuously, and Tanner recommended making explicit provision in the service level agreement to ensure that this is the case.
Change management
Managing change in any services engagement is difficult yet vital. Mike Hill of IT advisory group Itica Consulting, told delegates that among other key questions, buying organisation must be clear on how they can make changes to a service before any contract is signed.
Hill warned that the pay-per-use models offered by cloud computing could in time turn out to be a fool’s paradise if moving from one provider to another proves too difficult or too expensive. “You’ve got to make sure that you’re able to get out,” he said. “We’ve heard a lot about how easy it’s going to be with cloud, but that remains to be seen.”
During his presentation, Hill highlighted other potential pitfalls of the cloud model such as overspend, poor return on investment and a perverse balance of power between customer and supplier. In addressing each of these problems though, Hill proposed the same solution – good governance by the customer. More specifically, he recommended mapping out who is responsible within the business for dealing with an issue should it arise and its precise path for resolution.
“If there’s one thing you need to get right, it’s governance,” he explained. “That will help you with any problems. If you’re overspending or the service isn’t right, as long as you’ve got the right governance in place, you’ll be able to get yourself through it.”
The event was characterised by calls for careful consideration when it comes to cloud computing. But Mark Seeman, product strategy and development director at IT service provider Outsourcery, concluded the day with a reminder of its potential.
“[Cloud] gives small and medium-sized businesses the capabilities of big businesses,” he said. “Those services where cloud is particularly applicable are the ones that make it possible for smaller businesses to deploy these on premise due to cost, complexity of management and available skill sets.”
See also: Trusting the cloud – End user viewpoints