- IDC predicts that 80% of new software offerings will be available as cloud services and that by 2014, over one-third of software purchases will be via the cloud
More than 85% of Fortune 500 organizations will fail to effectively exploit big data for competitive advantage through 2015
33% executives in a survey conducted by Saugatuck Technology identified integration as their top concern regarding SaaS deployment and use
On the SaaS vendor side, a THINKstrategies survey found that 88% of SaaS companies identify integration as important in winning new customers and a common sales hurdle.
for cloud analytics, data-as-a-service (a.k.a. DaaS), and PaaS.
With many pilot cloud projects gathering steam, organizations are evaluating transitioning their IT systems to a cloud-based architecture. However, such a full-scale move must take into account security risks, lock-in risks, and cost-benefit analysis over the lifetime of the investment. An InformationWeek Analytics report outlined a comprehensive survey of 393 individuals within various companies, 28% of whom had more than 10,000 employees. Amongst the many findings within the report, the most interesting ones were:
- 34% of respondents involved in the cloud used it for SaaS (applications delivered via the cloud), 21% for IaaS (storage or virtual servers delivered via the cloud), 16% for PaaS (web platform delivered via the cloud), and 16% for DaaS (Data-as-a-Service for BI and other data lookup services delivered via the cloud)
- 29% were not using the cloud at all
- More than one-third claimed to build in 31% or more excess server and storage capacity for non-cloud computing systems
- 73% cited “Integration with Enterprise applications” and 69% cited “Cost of Hardware and Software” as factors when choosing a business technology
- Almost 92% exhibited some sort of likelihood to comprehensively carry out an extensive ROI analysis of the expected lifespan of a cloud computing project
- 46% said that their ROI calculation would span 3-5 years
- 45% stated that “elasticity” is frequently or often required
There was also a feeling amongst respondents that cloud computing works for commodity applications but that complex integration requirements make costs skyrocket. The major sources of cost savings touted by cloud proponents involved three areas: efficiencies as a result of economies of scale, use of commodity gear and elasticity.
This last area of elasticity is worth exploring further, especially in light of the number of respondents claiming to require excess capacity for their non-cloud computing applications, and the assertion that complex integration requirements are increasing the costs in the cloud. Elasticity refers to the ability to scale up or scale down on storage resources on the fly. But the reality of elasticity “on-demand” is that most major software vendors don’t provide the ability to add CPUs without additional costs, and coding applications that appropriately scale up are difficult. Thus, given the above data about the necessity of elasticity and the large percentage of companies that conduct detailed cloud ROI analysis, it is evident that these two factors are correlated.
Increasing the ROI of a Cloud Deployment
In order for CIOs to see more of an ROI from deploying applications in the cloud, several things must happen:
- Data center automation software must reach a level of sophistication where they are able to automatically coordinate tasks between on-premise and cloud applications to optimize elasticity
- Software vendors must allow for special pricing for cloud providers so that these savings can be passed onto customers – a way to allow this is to ensure a multi-tenant architecture consisting of customers that use the same on-premise software as is used in the cloud-based edition by the respective provider
- Ensure that the web platform used for PaaS purposes by the customer is compatible with the SaaS applications that they subscribe to, in order to enable any custom widgets that may need to be written
- Massive improvements in the “converged fabric” architecture that brings together servers, storage, and networking, so that pools of additional capacity are easily available where elasticity is needed.
During the recent recession, Cloud Computing was touted as a new model for IT to adopt, in order to cut operational costs and extract maximum efficiencies out of their software. 2010 was supposed to be the ‘Year of Cloud Computing’ yet adoption still remains slow.
A recent InformationWeek article referenced a study conducted by Avanade which showed that 91% of U.S. respondents understood the term Cloud Computing while only 61% of respondents from the rest of the world understood it. Even more surprising was the fact that over half of U.S. respondents claimed to be using a combination of internal IT systems and cloud services (in other words “hybrid clouds”), while those who didn’t adopt any form of cloud computing cited security and control as their primary reasons for not doing so.
The unusually large number of ‘cloud computing adopters’ leads one to believe that the respondents considered web-hosting, salesforce.com, and other SaaS-type offerings to be cloud computing as opposed to pure-play cloud providers such as Amazon EC2, Heroku, and Google AppEngine. This leads us to the first reason for slow cloud computing adoption:
Misunderstanding Cloud Computing
The definition of Cloud Computing has converged on three distinct layers, each of them mapped appropriately to the ‘old’ traditional datacenter model of hardware, OS, and application:
Infrastructure-as-a-Service (IaaS): This includes servers, storage, and networking hardware stored remotely and delivered on an as-needed basis in the form of CPU cycles or data. Amazon EC2 and GoGrid are prime examples of IaaS providers.
Platform-as-a-Service (PaaS): This consists of a complete platform upon which to build your custom applications. APIs, database development, storage, and testing are provided as well. Microsoft’s Azure and salesforce.com’s force.com platforms are examples of early PaaS providers.
Software-as-a-Service (SaaS): This consists of applications delivered over the web and accessed through an internet browser. salesforce.com’s CRM modules, Gmail, and Workday are all examples of SaaS providers. However, as you’ll see below, there is a fine difference between a SaaS solution, and a SaaS cloud-computing solution.
While the above definitions provide a basic foundation for understanding what cloud computing is, they still do not enable decision makers to understand the myriad of complexities involved with pushing the ‘go’ button when it comes to migration, and deployment. I found this useful in-depth InfoWorld Cloud Computing Deep Dive report, which addresses all the ‘middleware’ components needed for a successful cloud computing migration, amongst other issues. One of InfoWorld’s main cloud computing bloggers, David Linthicum, wrote a book called Cloud Computing and SOA Convergence in Your Enterprise: A Step-by-Step Guide, which outlines the 11 categories of Cloud Computing. I’ve reproduced the image from the InfoWorld Report below:
Although the above topology adds more granularity to the various components of cloud computing, it is sometimes too all-encompassing. For instance, the Application-as-a-Service segment (a.k.a. SaaS) consists of any software delivered over the web. But to be a true cloud-computing solution, I believe that such SaaS solutions must be able to not only integrate well with on-premise software but also with other SaaS solutions that exist on some other platform.
Apart from understanding what cloud computing really means, the next biggest impediment towards adopting it is:
Security in the Cloud
The vast majority of enterprises who have taken to the cloud have done so in the area of non-critical business applications. However, to truly realize the full benefits of cloud computing, enterprises must be able to consume their mission-critical business applications in the cloud, and be able to transition seamlessly between their on-premise applications and the cloud. An old Gartner report almost two years ago, summarizes seven main security risks of cloud computing. The seven risks outlined were:
1) Privileged user access (what controls are in place over the administrators at the service provider who have access to your critical data)
2) Regulatory compliance (what kind of external audits and security certifications has the provider gone through)
3) Data location (what country is the data stored at and will privacy of customers’ data be guaranteed at this location)
4) Data segregation (data in a cloud datacenter is typically in a shared environment. What encryption schemes are there to ensure that private data is not delivered to another customer by mistake)
5) Recovery (what disaster recovery mechanisms are there for backup of data)
6) Long-term viability (what exit or continuation strategies are available in case of acquisition or bankruptcy of the provider)
The above list though, is not comprehensive. Moreover, current security solutions in the cloud are merely limited to security vendors that have SaaS extensions to their existing software. Security issues around protecting the platform in the cloud have not been addressed yet. A nightmarish security scenario would involve a hacker exploiting vulnerabilities in the force.com or Azure platform, and the virus quickly spreading to any applications that are run off it. Such a virus could then quickly proliferate its way to all customers using these applications. If you thought any of the MyDoom viruses of 2004 caused havoc, a virus of this scale through a cloud computing platform would bring significant business disruption. PaaS vendors such as Microsoft and salesforce.com need to assure customers of in-built anti-virus mechanisms to protect applications that run on their platforms.