Until recently, companies were only warming up to the possibilities of cloud computing. Lately, however, for many enterprise-IT decision makers, cloud is hot, hot, hot.
"Enterprises Advance into the Cloud: 2011 IOUG Survey on Cloud Computing," based on a survey of 257 information technology and data managers and professionals, finds that large segments of organizations are embracing both private and public cloud computing for enterprise computing needs. The survey, conducted by Unisphere Research, a division of Information Today, Inc., among members of the Independent Oracle Users Group (IOUG) finds 37% of respondents now have private cloud computing efforts underway within their enterprises, up from 29% in a similar survey conducted in August 2010. This is also the case with public cloud deployments as well, with 21% using public cloud services in a meaningful way, up from 14% in mid-2010.
The stronger embrace of cloud accompanies a change in attitude among enterprise IT managers. "The initial reaction to cloud computing by large enterprises-and this was just a couple years ago - was very defensive," John Thielens, chief architect of cloud services for Axway, tells DBTA. "Data security was the big unknown, but it wasn't long before the cloud's economic advantages became so inexorable-so compelling, so certain-that enterprises have been forced to take the cloud seriously."
The sea change now underway means many companies are quickly moving from "dipping their toes into cloud computing" to a full-fledged immersion, says Thom VanHorn, vice president of marketing for Application Security, Inc. In 2012, expect to see those same companies dive right in. "The move will only accelerate," he tells DBTA.
The major issues related to cloud are likely more cultural than technical at this point, agrees Dave Rosenberg, CEO of Nodeable. "There is a diminishing cadre of sys admins that want to keep everything behind the firewall. The main blocker at this point is that applications have become too disparate to manage in a consistent manner. This isn't a reason not to use cloud, rather it requires a mindset that accounts for data sources living outside of corporate IT shops."
Along with more widespread adoption, cloud deployments are growing ever deeper as time goes on. "Some companies plan to spend more than a fifth of their IT budget on their cloud environment in 2012," Rick Wright, principal and global cloud enablement leader for KPMG, tells DBTA. "A third of respondents to a KPMG survey released in October say cloud will fundamentally change their business." Does that mean that cloud is finally ready for the enterprise? "The question should be, ‘is the enterprise ready for cloud?'" Wright says, noting that cloud presents a unique opportunity for business-IT alignment.
Data Mines
Much of this alignment may occur as enterprises use cloud offerings to explore opportunities for leveraging corporate data. Cloud, for one, may offer more efficient ways to handle data. "With the rapid increase in the volume of unstructured data within the enterprise, the cloud becomes an effective approach not only to store the data scalably, and with redundancy, but also to run large computations on the data set in a scalable manner," says Shriram Natarajan, cloud practice head for Persistent Systems. "When enterprises look to upgrade their legacy data systems, cloud adoption and large-scale analytics are the cornerstones of their strategy," he tells DBTA. "We see the move toward the cloud (public, private, or hybrid) rapidly accelerating over the next few months.
Cloud is also playing a supporting role in another critical data application area-business analytics. "Recent advances in big data analytics provide the capability to rapidly answer business questions in such large volumes of unconnected and unstructured data," Scott Russell, product manager at Sumerian, tells DBTA. "With standardized management comes a more predictable capability to mine for data and provide a faster turnaround for actionable insight."
Cloud will increasingly demonstrate its value and meddle with the continuing explosion of big data, Alex Salkever, director of product marketing at Joyent Cloud, points out. "As the amount of data collected and transmitted by some 15 billion IP-enabled machines-from smartphones to tablets to intelligent building controls to vehicle tracking systems-continues to increase, it will quickly overshadow all human-generated data," he tells DBTA. And, he notes, "As enterprises embrace the cloud for its promise of efficiency in machine-to-machine computing, the arrival of the Internet of Things will force cloud computing to become more enterprise-friendly and more like the internet."
Insecure and Kludgy Too
There is still a lot of work and planning that needs to be done before cloud and the enterprise are ready for each other, however. "Adoption has yet to reach the tipping point where we expect to see a dramatic increase in the number of enterprises relying on cloud computing," Bob Nolan, managing partner at Halyard Capital, tells DBTA. "Once businesses understand that the overall economic benefits and the security and reliability issues are addressed, then we are confident that the adoption rate will accelerate more rapidly."
Cloud computing "is not ready for the enterprise-not until issues related to security and policy control are addressed properly in virtualized environments," agrees Peter Doggart, director of product marketing for Crossbeam. "Most enterprises today are eager to take advantage of the cloud, and have already virtualized different areas of the data center," he tells DBTA. "But their security infrastructure often remains exactly as it was in the physical world-making it far too kludgy, inflexible and slow to keep up with virtualized environments."
In addition, organizations need to pay greater attention to where applications and data are being stored and run. "Ultimately the enterprise that owns the data is responsible for safeguarding it regardless of whether they use traditional or cloud solutions," explains AppSec's VanHorn. "No service agreement is going to exempt these data owners from ultimate financial responsibility." VanHorn doesn't see security concerns necessarily as a showstopper for cloud, however. "Over the next few years, as public cloud vendors prove that their environments are secure, you can expect to see more enterprises and SMBs move to that environment," he says.
In fact, there may be instances in which cloud providers can provide a much higher level of security than many businesses-especially smaller ones-are able to provide on their own. "Good providers will be laser-focused on security and they will have the additional advantage of being able to employ the highest level of security expertise-expertise that many businesses would never be able to afford," George Watt, vice president of strategy, enterprise, and cloud solutions for CA Technologies, tells DBTA.
Security is actually just one of the concerns that executives may have with relying on on-demand services for critical functionality and data management. "There are compliance issues-real issues-with some public cloud models, mostly related to where data is stored and how it is protected," John Treadway, practice director for cloud and data center transformation with Unisys, tells DBTA. "IT might not even know where data is being hosted, and that has an impact in terms of auditability and compliance with Sarbanes-Oxley, HIPAA, PCI and other regulations."
Treadway also sees other issues emerging with governance of cloud services. "With business users making their own choices, governance and compliance is a real risk," adds Treadway, who advises against rushing into cloud decisions. "Remember, some systems just don't get any benefit from moving to the cloud, either because of architecture or data issues, and they may not move soon."
Availability is also an issue, especially with public cloud services - as evidenced by the problems created for businesses as a result of Amazon Web Services' outage in the early spring of 2011. "While enterprise IT is starting to reap the benefits of computing on-demand, it is also discovering that cloud has the potential to magnify mistakes and problems at an overwhelming rate as well," Shawn Edmondson, vice president of product strategy at rPath, tells DBTA. "Recent high-profile production outages at Amazon and security breaches at Sony have drawn attention to a longstanding but under-reported risk to modern business: a growing dependency on IT systems that aren't fully under control - and even less so, thanks to the fact that they are now located in the cloud. Adding layers and layers of technology has made modern business more efficient and profitable, but this has also made organizations more susceptible to catastrophic failures."
Budgets and Best Practices
Budgets for both public and private cloud initiatives are on the rise, the IOUG survey also finds, with more than one-third of respondents seeing increased funding for private cloud initiatives over the past year, versus only 2% reporting cutbacks. Most respondents expect to achieve cost savings through cloud initiatives, along with greater availability and system response times. However, organizational - not technical - challenges are making it difficult to achieve these goals.
"Executives should be concerned about a number of things, including change management within their organization," KPMG's Wright points out. "Cloud will fundamentally change businesses, and that change will need to be managed. The company needs a cloud strategy, with established parameters for adoption and a governance framework that can help monitor and manage how data is gathered, stored and manipulated."
There are best practices for IT teams seeking to better manage the performance of their cloud-based applications, says Lloyd Bloom, senior product manager for Compuware Corp.'s Cloudsleuth line. "The first key step is to know why you're going to the cloud and what performance levels you expect, which should be determined based on performance requirements for end users," he tells DBTA. "For a business using cloud services on occasion to support behind the scenes, back-end applications like number-crunching, slight and infrequent dips in application performance may be tolerable. But for a business using cloud computing to support a high-visibility application or service for a worldwide base of end users, unpredictable stumbles on the part of the cloud service provider are just unacceptable, and there must be specific guarantees regarding the speed and availability of cloud-based services written into these cloud contracts."
The service-level agreement is the keystone of any cloud arrangement, experts agree. Compuware's Bloom advises managers to "commit to measuring and monitoring the actual experiences of end users - not just the SLAs that the service provider finds convenient - before, during, and after contracting with a cloud service provider." Take time to "negotiate the service-level agreement carefully," HK Bain, CEO of Digitech Systems, tells DBTA. "The SLA explains the vendor's responsibilities for system uptime and access, which can have a dramatic impact on your business continuity. You should demand, and expect, uptime guarantees above 99% with penalties for vendors who fail to supply it. The best cloud suppliers will also deliver a copy of your data to you in any location and on any schedule you want."
Most importantly, a successful cloud arrangement boils down to how data is managed. "Questions around the cloud have evolved-from ‘Can I have a software version of that?' to ‘Am I compliant with an in-country residency requirement? Can I store that in Turkey?'" says Axway's Thielens. "That shift characterizes how the discussion has matured. It's not even about private cloud versus public cloud versus non-cloud. As regulatory pressures increase and new requirements appear, some data will have to remain on-premise."
Ultimately, the move to cloud is part of an unprecedented opportunity for business transformation, some experts observe. "Companies have an opportunity to take the technical out of the technology, and take a business-centric approach to technology," says KPMG's Wright. "Rather than suggesting a systems upgrade, the conversation should focus on the business drivers and how the upgrade can support these business drivers. Rather than consolidating the technical footprint into a new system, executives need to make a case for how an upgraded system can be a lever for transformation. Rather than simply install a system that will have limited impact on day-to-day activities, consider how an upgrade can support or resolve larger business issues."
Look and Smell
A decision that needs to be made early on in the process is whether to build out a private cloud infrastructure using on-site IT resources, or to subscribe to outside cloud offerings from third parties. The IOUG survey also finds more organizations are replacing their existing systems with outside cloud services, and using outside cloud services for new applications. The role of IT departments and management committees in managing private and public cloud efforts has increased over the past year as well, reflecting the increasing centralization of cloud efforts within enterprises.
Along with perceived security, private clouds are a draw to IT executives because they "look and smell very similar to what they are comfortable with, data centers filled with servers and complicated software," John Barnes, CTO of Model Metrics, Inc., tells DBTA. "For some situations it is a good choice, especially if a corporation is required to keep data within the company for regulatory requirements. "
The key to private cloud deployments is having a successful virtualization strategy. However, virtualization can be a daunting project, Barnes cautions. "Adding a private cloud layer on top of this to automate provisioning and de-provisioning of servers and storage is no small task and can take months and sometimes years to implement," he explains. Even after a successful implementation, the relative "spiky" nature of cloud computing may keep existing systems underutilized, he adds.
Not All Clouds Are Created Equal
Companies need to evaluate the types of applications and requirements when deciding between private and public cloud services-or even whether to adopt cloud at all. "Not all clouds are created equal," CA's Watt cautions. "Companies need to keep an open mind to solutions that might offer value to their businesses and the consumers they serve-regardless of whether or not they are cloud-based solutions. Key details such as application and platform security, built-in and built-on resilience, service level agreements, contractual commitments, and vendor reputation and track record need to be always be considered when choosing cloud-based solutions."
The types of workloads being deployed will also determine whether clouds will be private or public. "Companies that have well-understood temporary and production workloads, and require tight integration and proximity to data will implement private clouds," Keao Caindec, senior vice president and chief marketing officer at OpSource, a Dimension Data Company, tells DBTA. "Other companies will start by migrating testing and development to the cloud or moving non-mission critical applications to the public cloud to evaluate security, risk and efficiency, and cost. Companies that have already realized the benefits of using the public cloud will then expand their usage or build their own private cloud."
Even with the private cloud, "organizations are still at risk for error-a problem compounded with today's approach to private cloud build-out," says rPath's Edmondson. "Applications are the true business drivers, not infrastructure-but getting them up and running is still just as time-consuming as ever, regardless of whether you're running a public or private cloud."
Best of Both Worlds
Overall, the IOUG survey finds, private cloud adoption is outpacing adoption of public cloud services, and delivering more visible results, as well. Cloud services are carrying larger workloads within organizations. More than one-third of respondents (37%) report that they now use or offer between one and 10 services through a private cloud. In addition, a large segment of organizations adopting public cloud services have already replaced applications offered by their own IT departments.
Still, the road to public cloud computing may go through private cloud implementations. "Organizations are realizing that, in order to position themselves for a more comprehensive and robust public cloud as it matures, they need to clean up and streamline their evolved infrastructure into a centralized private cloud," Jack Wilson, virtualization practice principal for Creative Breakthroughs, Inc., tells DBTA. "The problem is companies can't just wholesale replace all their legacy systems, but there is a way to move from where they are to where they want to be in the next few years - a strategic roadmap."
The best strategy in many cases will be to rely on mixed-cloud environments. "Depending upon whether you're hosting websites, collaborating with coworkers on office documents, or running scientific calculations, cloud computing will be adopted along different paths in 2012," says Jason Stowe, CEO of Cycle Computing. "For scientific and technical computing, the cloud adoption will continue to be a major option. We think 2012 will see continued adoption of both public external clouds and internal cloud deployments."
Either way, both public and private cloud approaches offer equal value to the business, Yves de Montcheuil, vice president of marketing for Talend, tells DBTA. "One is not better than the other - it all depends on what you want to do," he says. "Private cloud is very useful to pool IT resources and offer internally a platform-as-a-service infrastructure. Public cloud brings virtually unlimited elasticity and scalability, but less control. At the end of the day, as long as you can integrate both, and integrate them with on-premises systems, which mode you use doesn't really matter."