- A TechNote on The Next Generation
- Jim Metzler
- Distinguished Research Fellow and Co-Founder
- Webtorials Analyst Division
Cloud service offerings for enterprises are moving beyond basic mainstream packaged software solutions. They now include a broad array of functions traditionally considered the exclusive domain of IT. The availability of so many new services from cloud providers is certain to pose new questions for IT organizations as they decide which services to get from the cloud, which ones to keep in-house and how to plan for changes in that mix.
When cloud computing first began to make an impact in the market several years ago, it was most often associated with offerings from software-as-a-service (SaaS) providers such as Salesforce.com or infrastructure-as-a-service (IaaS) providers such as Rackspace. Enterprises would acquire mainstream enterprise applications such as customer relationship management (CRM) or enterprise resource planning (ERP) as a SaaS. Or they'd procure basic compute and storage services in the form of an IaaS.
Mainstream enterprise SaaS application services and IaaS compute and storage services continue to grow. But cloud providers have recently begun to also offer an even broader set of cloud networking services - services historically provided by the IT infrastructure group.
Kitchen Sink Cloud Services
Among some of the latest cloud services are VoIP, unified communications, network and application optimization, security and management. It's almost to the point that any service or solution IT once offered or supported has a cloud counterpart available.
The emergence of this new set of solutions poses a new challenge for IT organizations. Not only does IT still have to manage, optimize and secure traditional cloud computing solutions, but it now must also determine which of the traditional IT services it should continue to provide itself and which ones it should procure from a cloud provider.
When evaluating these solutions, IT organizations need to determine whether a cloud service offering eliminates, or at least minimizes, the negative aspects of public cloud computing. According to the Webtorials market research report, "Cloud Computing: A Reality Check and Guide to Risk Mitigation", security concerns have been the primary impediment to the adoption of public cloud computing solutions. Hence, evaluating the security of the cloud provider's facilities is a critical component of evaluating the overall solution.
The IT organization must determine whether the provider's implementation of a multi-tenant environment compromises security. Can the provider maintain compliance with corporate and regulatory standards while still leveraging the cost benefits of the provider's shared infrastructure and improved operational efficiency?
Making the task harder is that there is no widely accepted framework for securing a cloud environment. The IT organization can ask potential providers to reveal the results of third-party security audits they might have undergone and/or to provide references from existing customers who are subject to the same compliance requirements.
Also, Gartner, Inc.'s Global IT Council for Cloud Services has defined six rights of cloud service consumers to help providers and their customers create and maintain successful business relationships (see April 9, 2012 TechNote on Unified Communications, "7 Must-Haves in a UC Cloud Contract.")
Consider Security, Cost, Agility
Just as important as security is whether the solution actually provides the benefits that drive IT organizations to use public cloud computing solutions - lowered costs and reduced time to deploy new functionality. Cost information provided by the provider should enable the IT organization to determine whether the service provides a compelling cost advantage. The provider's agility in deploying new services could depend on the degree to which it has virtualized its data center infrastructure, since a virtual infrastructure is notably easier than a physical infrastructure to initialize, scale and migrate.
As IT organizations anticipate and plan for cloud-driven changes, they should evaluate emerging new services in the same way they would evaluate any public cloud networking service. Meanwhile, they should keep in mind that it's not an all-or-nothing choice. For example, though it is highly unlikely that an enterprise IT organization would entrust all of its security requirements to a public cloud service, it might use such a service to gain an additional level of security that enhances its overall defensive security strategy.
And while the ongoing adoption of cloud computing continues to fundamentally change IT, we should remember that IT organizations have been "out-tasking" various functions to third parties for decades. The use of cloud services is just one more example of out-tasking, and as such it requires expert vendor-management skills.
When cloud computing first began to make an impact in the market several years ago, it was most often associated with offerings from software-as-a-service (SaaS) providers such as Salesforce.com or infrastructure-as-a-service (IaaS) providers such as Rackspace. Enterprises would acquire mainstream enterprise applications such as customer relationship management (CRM) or enterprise resource planning (ERP) as a SaaS. Or they'd procure basic compute and storage services in the form of an IaaS.
Mainstream enterprise SaaS application services and IaaS compute and storage services continue to grow. But cloud providers have recently begun to also offer an even broader set of cloud networking services - services historically provided by the IT infrastructure group.
Kitchen Sink Cloud Services
Among some of the latest cloud services are VoIP, unified communications, network and application optimization, security and management. It's almost to the point that any service or solution IT once offered or supported has a cloud counterpart available.
The emergence of this new set of solutions poses a new challenge for IT organizations. Not only does IT still have to manage, optimize and secure traditional cloud computing solutions, but it now must also determine which of the traditional IT services it should continue to provide itself and which ones it should procure from a cloud provider.
When evaluating these solutions, IT organizations need to determine whether a cloud service offering eliminates, or at least minimizes, the negative aspects of public cloud computing. According to the Webtorials market research report, "Cloud Computing: A Reality Check and Guide to Risk Mitigation", security concerns have been the primary impediment to the adoption of public cloud computing solutions. Hence, evaluating the security of the cloud provider's facilities is a critical component of evaluating the overall solution.
The IT organization must determine whether the provider's implementation of a multi-tenant environment compromises security. Can the provider maintain compliance with corporate and regulatory standards while still leveraging the cost benefits of the provider's shared infrastructure and improved operational efficiency?
Making the task harder is that there is no widely accepted framework for securing a cloud environment. The IT organization can ask potential providers to reveal the results of third-party security audits they might have undergone and/or to provide references from existing customers who are subject to the same compliance requirements.
Also, Gartner, Inc.'s Global IT Council for Cloud Services has defined six rights of cloud service consumers to help providers and their customers create and maintain successful business relationships (see April 9, 2012 TechNote on Unified Communications, "7 Must-Haves in a UC Cloud Contract.")
Consider Security, Cost, Agility
Just as important as security is whether the solution actually provides the benefits that drive IT organizations to use public cloud computing solutions - lowered costs and reduced time to deploy new functionality. Cost information provided by the provider should enable the IT organization to determine whether the service provides a compelling cost advantage. The provider's agility in deploying new services could depend on the degree to which it has virtualized its data center infrastructure, since a virtual infrastructure is notably easier than a physical infrastructure to initialize, scale and migrate.
As IT organizations anticipate and plan for cloud-driven changes, they should evaluate emerging new services in the same way they would evaluate any public cloud networking service. Meanwhile, they should keep in mind that it's not an all-or-nothing choice. For example, though it is highly unlikely that an enterprise IT organization would entrust all of its security requirements to a public cloud service, it might use such a service to gain an additional level of security that enhances its overall defensive security strategy.
And while the ongoing adoption of cloud computing continues to fundamentally change IT, we should remember that IT organizations have been "out-tasking" various functions to third parties for decades. The use of cloud services is just one more example of out-tasking, and as such it requires expert vendor-management skills.
Dear Jim,
thanks for this interesting article and for sharing the ideas.
Regards
Abderrahim