Cloud computing is still in the testing and experimental space for many organizations, but its benefits are becoming clear to many. Cloud is rapidly shifting from a world of hype and possibilities to one of practical application, and CIOs that haven't already considered what cloud means for their business need to step up the pace.
That was the consensus of six panelists brought together by information exchange solutions specialist IntraLinks in a roundtable discussion in New York last week.
The promise of cloud computing
"You think about technology waves, and every once in a while you get one that you know is meaningful, that actually changes the way companies spend their money and invest in solutions; it actually changes the way the tech industry itself is shaped, and cloud computing is one of those things clearly," said Ted Schadler, vice president and principal analyst with Forrester Research, who moderated the panel.
"I got interested initially in cloud because of the pricing model: the fact that I could potentially buy capacity as I needed it and pay for it as OpEx instead of CapEx," he said. "That essentially lowers the bar for innovation because I can build something quickly and deploy it quickly. This is a hugely important phenomenon in cloud."
"It was also a major driver of open source, where if I could get a server for free in Linux and deploy it, I could as a developer actually try something out," he said. "The cloud just took that and blew it out on steroids. There's probably not a single startup that comes through my office, and probably not through yours, that isn't deploying on cloud infrastructure. They might keep the customer database in their own data centre, but all their storage and all their compute sits on Amazon or it sits on Rackspace or it sits out there somewhere in the cloud. That is a huge opportunity for innovation, for things that change the way companies work together. You see this now reflected in the investments of the major infrastructure providers. You also see it reflected in the growth of companies like Salesforce and Google. Google Apps for Business, Google Apps for Government, that's a billion dollar business today."
Schadler noted that Forrester's discussions with CIOs indicates that cloud computing is a top of mind consideration for most. And he said that most organisations are not looking to the cloud as a method of cost management, but for "extension" - the capability to take their business in new directions faster.
Sultan Khan, Global IT Strategy & Governance Practice Head at Tata Consultancy Services (TCS), agreed.
"What we're seeing is that every CIO is thinking, talking and doing something about cloud, clearly with a very reasonable degree of maturity," he said. "We recently conducted a survey with our clients and found that 10% or less of the cloud-based solutions are actually out in the public space. Today, close to 90% of the solutions sets are being developed within the internal cloud space. What is interesting is when you ask them about where they are going by 2015, a lot of them see that ratio being 30% or so in the public service space. There is a definite shift towards not only cloud, but also taking it from the inside to the outside."
Practical cloud computing
Philip Jacob, senior director of risk management at Axioma, a provider of optimisation software and financial risk modelling software for the financial services industry, said his organisation has turned to the cloud-and specifically Microsoft Azure-to provide the raw computational power for its services rather than build out new servers each time it takes on a new project.
"It's allowing us to be able to plan much more effectively," he said. "We don't have tell our clients in advance, "here's the level of service we can offer you." We can tell them, "here's the potential," and then we can just buy on demand the services necessary to do whatever and however complex calculations they require."
Jacob noted that such a model allows Axioma to be much more efficient as well, because most of the demand for its risk management reporting only occurs for about eight hours a day. If the organisation bought hardware to serve its needs, it would sit largely unused for 16 hours a day.
"It's a way to only get the capacity when we need it, but also not to have to plan what could be very large potential acquisitions in advance," he said.
David Goodman, chief technology officer of the International Rescue Committee (IRC), an organisation founded at the recommendation of Albert Einstein to rescue intellectuals and artists from the Nazis, said the cloud allows his organisation to better allocate staff resources. Today, IRC provides humanitarian services to refugees around the globe. Goodman leads a staff of 26 based in New York and Nairobi, overseeing teams focused on infrastructure, application development and project management. He is also responsible for RescueNet, the organisation's global intranet.
"I have a lot of things I have to do," he said. "I've got all the problems of a global organisation and very few of the resources. I have to make sure that my staff is working on the stuff that really needs doing and try to push out the rest of the stuff. Email is a great example. It's the most important thing we do, but I don't think we need to be top-level Exchange architects and administrators. Other people will do that perfectly well. Storage is another example. I don't really want to deal with storage anymore, so I give that to somebody else. That gives my staff an opportunity to focus on the things we have to be excellent at, which is delivering services to local field organisations.
Ari Lightman, director of the CIO Institute at Carnegie Mellon University noted that he sees the enablement of a mobile workforce as one of the most promising aspects of cloud computing. He pointed to Cedars-Sinai Medical Center, which now gives every new intern an iPad rather than deal with flip charts.
"They know where they are and they know how to push information to them," Lightman said. "That makes them more productive and allows them to deliver better care."
TCS's Khan agreed, adding, "When we think about mobile, it's a natural fit. What is your mobile strategy and how do you deliver mobile to your clients? So, cloud is a perfect fit as a means to deliver mobile solutions to your clients and the market and so forth. I think the key we find with that is that most organisations tend to start with mobile solutions and then realise they need to take a step back and ask what is our mobile strategy? What is it we're trying to achieve and then jump to a solution."
Cloud computing challenges
But the cloud is not without its challenges, Goodman said.
"The cloud is an interesting challenge," he explained. "We have issues with power, so the cloud is not quite the thing for us that it is for the rest of the developed world."
He also noted that unlike many organisations that see the capability to pay for services with OpEx rather than CapEx, in the non-profit world OpEx is more difficult. It's much less challenging to raise funds for a capital expenditure than increase ongoing costs, he explained.
Socio-mobility is another problem, Lightman noted.
"Bandwidth: it's a limitation," he said, especially when it comes to mobile. "When you get into the mobile architecture, you have different sorts of companies that come into play. Wireless carriers, regulators, content providers. Now we're seeing data throttling. If you have company-specific information that needs to get done on mobile, and you need to ensure that it gets to the right source, it becomes difficult when when you have data throttling."
IRC's Goodman agreed, noting that Software-as-a-Service can sometimes make things harder, especially in the environments his team works in, because you can't manage performance in the same way.
"SaaS has all the advantages that we know about in the cloud, but sometimes the big disadvantage, which for us can be a killer, is I can't put it behind my Riverbeds and optimise it," Goodman said.
It should also come as no surprise that both the audience and a number of panelists saw security as a challenge for cloud computing.
"In our experience, the number one challenge or concern that companies have about cloud is security," Khan said. "That's the biggest challenge and concern they raise."
While Khan acknowledged that some concerns are justified-notably reluctance to put customer data in the cloud - he also noted that it's more an issue of confidence and change-management strategy. Business leaders in the organisation need to be convinced that the new way of doing things is not going to put the organisation at risk.
Fahim Siddiqui, chief product officer of IntraLinks, said it's all about building trust.
"First and foremost, it starts with trust," he said. "There has to be a view that this is a trusted place to go work when you are virtually working within the context of an application. Trust is built through a combination of not just technology, but also application security, not just that but also people and process security. When you combine that, there's a certain posture you have, that this service is a place that I can trust with my information, and my information is protected in terms of visibility, access and auditability."
"The choice of a cloud is not very different than the choice of an ERP application," Siddiqui added. "It's an enterprise architecture choice. What you have to really understand first and foremost is what are your points of extension? Why do you need the cloud? Do you need it for compute resources at the infrastructure level? Do you need it for certain specific resources, like storage? Or do you trust it for certain business-critical transactions which are out in the wild anyway, but today maybe they're being conducted on FedEx and email, or in some cases people carrying physical copies outside your four walls. In each of those instances, you have to construct what are the appropriate weak points and what are the security ins and outs?"
Goodman agreed, adding, "The real point is that when we talk to vendors about security, you know if they're serious about it. You do all the things you're supposed to do, you audit, but at the end of the day you can tell whether a company thinks security is a critically important thing or not."