I continue to encounter an interesting phenomenon regarding cloud computing as I speak at conferences, present to IT groups, and talk to businesspeople interested in the subject. Most people recognize the importance of cloud computing, acknowledge the relevance to their environments, and describe their initiatives.

However, one thing I often hear is that while Amazon is the clear leader in cloud computing, "it's mostly used by SMB organisations." In other words, public cloud computing is not being used by big enterprises. And, people add, even if large companies are using public clouds, it's for "unimportant" applications. The canonical example offered by people making this observation is that "no one is moving SAP to the cloud."

What I find interesting about these discussions is how poorly they match my experience and observations. From our experience, Amazon and its fellow on demand cloud providers like Rackspace are being used by large organisations quite a bit, for important applications, and certainly the use is increasing.

So why the disconnect between actual facts on the ground and perception?

Who led the open source charge? Developers

I've long thought that the rise of on demand cloud computing reminds me a lot of the adoption of open source, and that perspective was reinforced by a couple of blog posts I read this week by Stephen O'Grady of the analyst firm RedMonk.

The first is his discussion (titled "Meet the New Kingmakers, Same as the Old Kingmakers") about a Forrester report analysing open source adoption within enterprises. The report found significant use, buttressed by survey results and other facts. In his post, O'Grady mildly criticised Forrester for coming to a conclusion that RedMonk did four years ago.

RedMonk, he explains, believes that developers are the true decision makers in organisations and from its interactions with those type of folks, RedMonk knew years ago that open source was being used in a big way. Forrester, he notes, surveyed CIOs and senior IT decision makers, that is, management. He quotes a post by former Red Hat sales exec Billy Marshall that "CIOs are the last to know," meaning, IT organisational decisions are actually made bottom up (i.e., by developers), and that senior management perception lags reality by a significant margin.

O'Grady states: "We are founded upon the idea that developers are the single most important constituency in technology. Open source dramatically lowers the barriers to adoption, such that developers may build upon what they want rather than what they're given." Both O'Grady and Marshall emphasise that developers use open source because it makes doing their job easier.

The implication for organisations, as Marshall's anecdote illustrates, is that decisions made by developers create commitments for the organisations they are part of, commitments that the organisation does not recognise at the time they are made by the developer. They may in fact be decisions that, had the organisation understood them at the time they were made by the developer, would have been eschewed. The result is that two or three years down the road, these organisations "discover" technology decisions and applications that are based on choices made by developers without organisational review.

This may account for the curious lack of respect given Amazon on the part of IT organisations and vendors. O'Grady addresses this in a second post titled "Hiding in Plain Sight: The Rise of Amazon Web Services." In it, he primarily addresses the fact that most technology vendors evince little fear of Amazon, preferring to focus on private cloud computing environments. He attributes this, in part, to the vendors' desire to keep traditional margins rather than descending into a pricing battle with Amazon.

I might attribute it to a different factor: Vendors primarily seek to talk to senior management, those who control budgets that pay for the vendors' products, and, as we've just noted, those managers often miss the reality of what developers are actually doing. Consequently, they won't be telling vendors how much public cloud is being used, and the vendors will respond with the time honoured "we don't really see them much in competitive situations". I used to hear this a lot from proprietary software vendors about the open source alternatives to their products.

Make no mistake about it, developers are using public cloud computing, a lot. We certainly see it in our daily business interactions. The high level of usage (and its somewhat clandestine nature) was illustrated at a conference earlier this year when one CIO noted that he had gone through the expense reports turned into him for reimbursement and found 50 different cloud computing accounts being used by developers in his organisation. The reason? It's a lot easier for a developer to obtain computing resources from a public cloud provider than to undergo the extended waits typical of the existing compute environments.

The upshot of all this is that today decisions are being made by developers about use of cloud computing that upper levels of the organisation are unaware of (the CIO just cited is undoubtedly an exception to the general rule). A corollary to this is that IT organisations will discover new public cloud-based applications in a year or two that they had no idea were being placed in those cloud environments.

The ramifications to this are significant:

1. Organisations will be taking on operational responsibility for applications located in cloud environments for which they are unprepared.

They will need to quickly get up to speed on the cloud environment and learn how to operate an application within it. This will include the need to retrofit monitoring, security and management into applications, as developers often fail to address these areas because they are not required for application functionality. We refer to this responsibility migration as the "cloud boomerang." You can see a video we created that describes this phenomenon in greater detail here.

Action: You should have your operations people evaluate how to take over operational responsibility for external cloud applications.

2. Compliance requirements will need to be analysed for these "discovered" applications.

Changes to the applications, or even migration from their initial cloud hosting locations, may be required to bring the applications into conformance with the requirements of governmental and industry laws and regulations. Given the significant semantic differences among IaaS public cloud provider functionality, this will be more challenging than item number one, above.

Action: You should set up a remediation team with skills in these different areas so that you are prepared to respond when an unknown application running on the public cloud surfaces.

3. Investment patterns of IT spend will be modified in a stealthy fashion

This change will happen not deliberately, but unconsciously. While public cloud computing is relatively inexpensive (the complaint of vendors as described in the second of O'Grady's posts), the costs mount up as applications scale and as applications multiply like rabbits (as they inevitably do, that was certainly the pattern with open source, as one project achieved success with open source components, other projects embraced the solution as well). At some point, someone will notice that a bunch of money is being spent on public cloud computing and figure out that it represents some significant fraction of total IT spend. At that point some will call for the cloud spend to be curtailed, while others will assess the benefits being achieved by those cloud applications and conclude that maybe the cost cuts should fall on the internal IT budget.

Action: You should have your finance people looking through expense reports and have others sniffing around to see what use of public cloud computing is being done in other parts of the organisation. Don't be the last to know.

And by the way, that shibboleth about "no one's going to run SAP up in the cloud"? In a somewhat ironic milestone his week, SAP announced that a portion of its on-demand offering has been migrated to AWS. Perhaps a new example of how public cloud computing isn't sufficient to meet the real needs of enterprises needs to be found.