Trust and Liability in the Cloud Age

Shawn DeVries and Dan Arrigan

Recently, we had the opportunity to take the message of cloudsourcing to a small group of technology executives, providers, and consulting firms. This small group forum was typical of technology breakfast seminars: someone (Appirio) acting as discussion lead on a particular topic (cloudsourcing) and facilitating this discussion through real-world examples, cloud roadmaps, and eye-opening industry trends.

Appirio employees are lucky enough to act as subject matter experts and discussion leaders among their respective local colleagues in IT and business. While these peer networking events are wide-ranging, from technical user groups to business roundtables, a common thread has emerged in conversations around cloud and SaaS: as a technical leader or business executive, how can I place trust in a cloud vendor to run 100% of my IT operations, and how do we protect ourselves against liability should something fail?

This is not a new topic, and has been discussed before among IT practitioners that have much to lose in a cloud outage or failure. The difference now versus two years ago is the momentum at which companies and organizations are moving to the cloud. In other words, companies are now moving beyond single, siloed, technical SaaS solutions and to the next “tier” of cloud adoption.

The conversation amongst the 20+ practitioners at this event was lively, with some of the typical objections and concerns raised around cloud computing. But in the end, the majority of the dialogue amongst the attendees was around trust and liability.

In this new age of cloud computing, how does a company trust a solutions provider and cloud vendor with running critical business processes in the cloud?

First, let’s talk about trust, but let’s use the executive relationship between two fictional companies as a starting point. The example scenario is typical of many vendor-client relationships. For this discussion, the meeting is an executive presentation of findings discovered through an assessment of “cloud readiness” by a cloud solutions provider.

On one side of the table is the executive management team from a large financial services firm that is looking to reduce their overall IT spend, but also improve their ability to respond to changes in the marketplace in a timely fashion. The vision of the CEO is to harness the power of technology to gain competitive advantage over their rivals in the marketplace. Something she is calling “the Money Cloud”. It’s up to the CIO to make this a reality. We will call this company “ABC GloboBank”.

On the other side of the table you have a global cloud solutions provider (say, CloudUniversal) that is positioning a whole suite of solutions to address ABC’s immediate needs, and provide a flexible platform for growth in the future. An ROI study has been performed by the CloudUniversal team to help ABC justify the partnership, and this meeting is in the Q&A stage after a very polished presentation of the study and future roadmap.

Let’s say that by the beginning of this meeting, all the tough technical points have been addressed. Nothing out of the ordinary here, at least from a technical or security perspective. The CIO is happy with the responses received on his IT team’s concerns: security, reliability, redundancy, authentication, user management, maintenance, integration, transactional efficiency, and flexibility to respond to the needs of the business. No major roadblocks are present, just the grumblings around change management, user experience, writing off the previously incurred cost of messaging infrastructure, weighing this past cost versus future costs, etc.

Additionally, the legal and regulatory teams are satisfied with the tools provided by CloudUniversal for legal discovery, tracking, and exposure to legal risk. At any given time, the legal team feels that the proposed approach will allow them to audit at a transactional level through a browser-based interface that is only accessible to a limited number of users within the legal department.

This is where the trust factor kicks in.

ABC GloboBank has to look across the table at CloudUniversal and truly believe that they can trust this well-respected company with maintaining the technology heartbeat of their company.

What if CloudUniversal is acquired by a foreign entity? What if they go bankrupt? Before, if something failed in the ABC GloboBank data center they knew that they could simply head down the hall and “wring the neck” of those responsible. Now, with data replicated across multiple, secure, secretive data centers, how does ABC maintain control? Who is held liable for damages, money lost, missed deliveries, data integrity issues?

Sound familiar? It should. These are the conversations happening every day, all over the world. From medium-sized manufacturers to large multinationals, the trust and liability conversation is front and center. Technology philosophies aside, it comes down to trust. Trust in the vendors, trust in the solution providers and system integrators, trust in the support staff, trust in the reliability, security, and scalability of the multi-tenant model that is the core of cloud computing.

“Let me state, first and foremost, that I believe the cloud can and ultimately will be trusted,” Stephen Elop, President, Microsoft Business Division said in his opening remarks during an Economist sponsored debate on whether or not the cloud can be trusted. “There is little debate about whether the cloud is a great technology evolution. The benefits of increased productivity, cost savings and improved efficiency, plus the ability to support and empower a broader range of users via the cloud are clear.”

Carefully researching the benefits of cloudsourcing is a vital stage in the development of relationship between corporations such as ABC GloboBank and CloudUniversal

And there are concrete ways in which a cloud solution provider can begin to earn your trust right from the start:

• Transparency, ranging from tours of their data centers to real-time updates on performance
• Commitment to securing independent industry certifications, for instance Statement on Auditing Standards (SAS) 70 Type II Audits
• Providing complete availability of your data, anytime, anywhere
• Best efforts to ensure application portability, use of standards-based technology where possible
• Pay as you go contracts that force cloud providers to "earn" your business every year.

When you invest in the cloud, you’re not simply getting a knife that is cutting-edge technology when you initially purchased it yet dulls over time and before long is no longer useful. Cloud technology not only keeps your blade sharper than anything you’d buy on the shelf, it constantly increases its capabilities.

“Investing in and delivering this rapid innovation without invoking an upgrade tax is a change that customers welcome and is the foundation of trust in the cloud,” Marc Benioff, Chairman and CEO, salesforce.com said in his debate with Elop.

With the cloud, your single blade soon turns into a Swiss Army Knife before your eyes, without replacing hardware, without installing installing updates, without any interactions on your part. The excitement and trust around cloudsourcing absolutely grows as a company embraces it.

For more information on moving to the cloud and to get you started asking questions, read our new whitepaper on the “path to cloudsourcing”.

Five reasons why Google is more than ready for the enterprise - Blogging for Computerworld

Ryan Nichols

Now that Microsoft has finally embraced cloud computing and taken a version of its flagship Office suite online, pundits have started to question whether Google "has what it takes" to compete in the enterprise. The Microsoft marketing machine has been hard at work in this area, but I think discounting Google's focus, resources and innovation in this space is a mistake.

Now I have a vested interest in this topic - my company Appirio is one of Google's partners. It's that experience working with Google's largest enterprise implementations that gives us some amount of insight into how Google operates that I wanted to share with this community-here are 5 reasons I think Google is more than ready for the enterprise...

Read more here...

Mythbuster Monday (Part 3 of the Series): There is a Higher Risk of Lock-In with the Cloud

Narinder Singh

The next myth in our Monday Mythbuster Series is the idea that lock-in is a bigger issue in cloud computing than with alternative models like on-premise solutions, hosted solutions, etc. It’s a topic we still see often in the press and even in sales cycles. Interestingly enough, it’s one we hear much less often once we engage with our customers in actual implementation and development projects. Perhaps that’s because they realize “lock-in” (like privacy) is a relative term and a fact of life in IT. In fact, the lines between “lock-in”, standardization, commitment, and partnership are subtle ones.

“Lock-in” - whether to a vendor, a platform, a development environment or language - has been an issue for decades and used by numerous vendors as a reason why customers should or shouldn’t move to a technology. “Don’t use Microsoft technologies or you’ll be locked in!” Yet today there are more than 8 million Microsoft developers (although this is something many are trying to change). “If it’s not built using industry-standards, you’re locked in!” Maybe, but SQL is a standard and you don’t see a lot of companies regularly switching their databases. And there’s the newest one...”If you don’t control your data and apps in house, you’re locked in!” Tell that to the companies paying millions to upgrade or rip out their legacy SAP and Lotus Notes systems (which we lovingly refer to as the asbestos of software).

My point is not that you shouldn’t be concerned with lock-in. It’s to say that lock-in is not any more of an issue with the cloud than it is with traditional software. There are however, some key differences between cloud and traditional software that companies should consider.

With traditional software you have the option to run unsupported, legacy versions of old applications as long as you want at no charge. You can’t do that with SaaS. Yet with SaaS there’s a natural buffer for abuse by the vendor that you don’t get with on-premise. SaaS vendors don’t get all their money up-front, they have to continue earning your business. And if one of the large scale SaaS providers does have a major issue, there’s a tremendous market opportunity for third-parties to come in with migration tools that only need to be written once since SaaS applications have a single application version and supporting infrastructure. Compare this to the exponential problem of trying to write migration tools for multiple versions of on-premise applications and all the flavors of infrastructure they run on, and you’ll see why migration tools for cloud apps will be more commonplace in the future.

The Real Considerations Around Lock-in

While lock-in exists, there are things you can do to balance risk with the benefits of the cloud:

• Choose cloud solutions that have full, open APIs - We’ve said this before, not all cloud vendors are created equal. This is one of the reasons why Appirio has a strategic focus on a relatively small set of leading cloud providers. Platforms from Amazon, Google, salesforce.com and Workday have a broad, open set of APIs that more people in the cloud ecosystem are writing against than other market alternatives. Robust APIs create “checks and balances” because they allow for the potential of a single migration solution to be applied to an entire customer base. This helps ensure the SaaS vendors can’t hold customers hostage (e.g. Oracle and their approach).
• Plan implementations and development around the application needs - The more proprietary APIs, protocols and languages you use, the less portable your code and data will ultimately be. But often the more you leverage these proprietary services when building or deploying an application, the faster and more easily you can move to get to a better solution. Lock-in risk should be weighed against the productivity and time-to-market benefits enabled by these more tailored tools.
• Develop the right kind of code, the right way - The more code you write or customizations you make, the more it costs to maintain and the less portability you have (this holds true in both cloud and on-premise environments). Therefore code should be used to develop and extend a solution that creates unique business value. Is that enhancement you are asking for helping create value or just creating work because its trying to reflect the way you’ve done things in the past? Code is powerful when used the right way because it represents what is unique to your business, but when applied without precision it becomes an anchor. When it is necessary, using things like components and SOA help make it more pluggable and better partitioned - resulting in something that can be moved or migrated more systematically. The cloud should make this process easier.

The Future of Cloud Lock-in

As the market matures, lock-in should become even less of an issue with cloud solutions. For one, more tools will become available to make it easier to move data to or from leading cloud providers. The evolution of standards will help here, as will the growing volume of customers on these leading platforms, making it a significant market opportunity to third-party vendors (and likely, an area of investment for VCs).

As we look into a future - one where cloud solutions will play a dominant role and where the concept of lock-in won’t ever completely disappear - consider one thing: If some degree of lock-in is inevitable, isn’t it better to be locked-in on the most advanced version of the product vs. some obsolete technology that becomes unsupported all too quickly? . Being well served by a great solution and great partners is the best protection against the cost of switching because you won’t need to switch. From that perspective, it’s a lot like marriage. Should one worry more about how to best ensure they can get out of it, or focus on making sure they find the best and most compatible partner for the long run???

Learning from an audience of cloudsourcing candidates - Blogging for Computerworld

Ryan Nichols

Last week, I summarized our webinar with Mark Newhall, an expert at corporate transformation powered by cloud technology, on the topic of "the path to cloudsourcing." Joining us for that discussion was an audience of 80 IT decision makers and influencers interested in cloudsourcing. Our interaction with these cloudsourcing candidates was just as informative as our discussion with Mark.

In this post, I wanted to summarize what we learned about the leading edge of cloud adoption, and respond to some of the questions we received.

1) Cloudsourcing is getting established as a consumption model

About half of cloudsourcing candidates already have more than 25% of their IT landscape in the cloud. For this part of the market, adoption is shifting from a few edge applications to become a much more significant part of their IT landscape...

Read more here...

Discussing cloudsourcing and corporate transformation with an "execution specialist" - Blogging for Computerworld

Ryan Nichols

I was excited to host Mark Newhall for a webinar last week on the "Path To Cloudsourcing." Mark is an expert at corporate transformation, often-times powered by cloud technology. He was a very early adopter of salesforce.com at Corporate Express, where he lead the global transformation of their customer-facing processes. As COO of Market Force Information, a customer intelligence firm, he charted out a 3 year roadmap to move entirely to the cloud, enabling a new growth strategy. He now leads Execution Specialists Group, advising C-level executives on business transformation strategies.

Our discussion focused on building, executing and measuring the success of a comprehensive cloud strategy. You can view the full webinar here-- below are some highlights from our conversation:

Tell us about your experience with Salesforce at Corporate Express. Was the adoption led by the business or by IT?

Back in 2002, our initial adoption was led by the business. It started with a couple of sales teams who adopted Salesforce and started getting fantastic results. Of course, because of this initial success, we wanted to roll out Salesforce more and that's when we started working with IT.

Read more here...

Mythbuster Monday (Part 2 of the Series) - Moving to the cloud is too hard (or too easy)

Ryan Nichols

Do any of these statements sound familiar?

• We have too many sunk costs in our existing systems to adopt new cloud technologies
• Our team doesn't have the right skills or expertise to develop or deploy on cloud platforms
• All the questions about cloud integration, security and availability make it too difficult to move to the cloud

You may have heard these (or variations of these) from people on your team, your boss and even your vendors trying to convince you that it's just too difficult to adopt public cloud platforms in your organization. "Just wait. See how things play out. It's always better to play it safe." Let's be clear - moving to the cloud isn't always easy - there's a myth about that as well (see recent Network World article by Jon Brodkin). But it's also not any more difficult than any other technology change. And since when does technology not change or progress? If you're hoping for that, this probably isn't the blog for you.

It's no secret that we at Appirio encourage people to think big about adopting the public cloud. We work with many enterprises who are pushing the envelope in their use of cloud platforms and applications, and we've heard most of the reasons why people drag their feet. We have also seen what's possible when people stop resisting and make the move. The ability to innovate faster than your competition. Move quicker and be more nimble. Get closer to your customers and serve them better. Enter new markets with less effort. The list goes on.

So why all the foot dragging? The book “Switch” by Chip and Dan Heath presents a good philosophy on why there is hesitation when it comes to thinking about a move to the cloud. The premise of this book is “for things to change, somebody somewhere has to start acting differently.” To get that one person to start the act of change can be difficult, especially when a company is tied to existing systems, specific skill sets and entrenched vendor relationships. The Heath brothers suggest a Switch Framework to break down the change until it no longer “spooks the elephant.”

We'd like to use this framework to lay out a few steps one can take to convince the skeptics in their organization that a little bit of change may be worth it in the long run.

• FOLLOW THE BRIGHT SPOTS. Investigate what’s working and duplicate it. Find a cloud application that's already being used successfully in your organization (we guarantee there are more than you think). Point out the reasons why it's so successful. Expand on that success in adjacent areas. For instance, our customer Genentech has talked publicly about how their switch from a heavy, outdated calendar application to Google Calendar contributed to other cloud successes. They've since moved thousands of employees onto Google Apps, and are always finding new applications they can build on and integrate into cloud platforms to improve productivity and compliance.
  

• SCRIPT THE CRITICAL MOVES. Think about specific behaviors you want to see. Don't wait until every solution provider in your architecture becomes cloud-based before you decide to move to the cloud. Instead, take a more proactive approach and look at the specific applications in your portfolio that are most in need of modernization or best suited for the cloud and start there.

• POINT TO THE DESTINATION. Change is easier when you know where you’re going and why it’s worth it. Most view a move to the cloud as a cost saving measure – and it is – but don’t forget about the other critical business benefits that the cloud enables - innovation, flexibility, etc. Understand the business' imperatives, and model out how cloud technologies and the surrounding ecosystem will help move those imperatives forward. Create a Cloud Adoption Plan for the next 1, 3, 5 years. Remember, the transition is not going to happen overnight but if you identify the end goal and show skeptics the path to get there, they can be part of the journey.

• FIND THE FEELING. Knowing something isn’t enough to cause change. Make people feel something. Part of motivating this feeling is finding the pain point (or the common enemy) and starting there. Many a Salesforce CRM deal happened because the sales team hated using Siebel and wanted something - anything - different. Find those people who are sick of the complexity and the overhead of Microsoft Exchange or Lotus Notes, and show them why Google Apps is a better way.

• SHRINK THE CHANGE. Break down the change until it no longer spooks the Elephant. Some organizations, especially those with a strong leadership who want a business transformation, can change by developing an overarching roadmap and forcing change through the organization. Mark Newhall from Execution Specialists Group talks about this in a recent cloudsourcing webinar. But many teams work better by breaking the problem into smaller chunks. Point to the destination, and like agile development, parse out the solution into more easily consumable chunks.

• GROW YOUR PEOPLE. Cultivate a sense of identity and instill the growth mindset. Yes, people may shy away from change but they also don't want to stay stagnant. Show them why incorporating cloud development or cloudsourcing skills into their repertoire will not only help the organization, but will better prepare them for the cloud-centric world of tomorrow.

• TWEAK THE ENVIRONMENT. When the situation changes, the behavior changes. So change the situation. If certain groups in your team are cloud-phobic, start your path to the cloud with another team that is more open to the journey. Or create a separate group inside your organization that has the charge of evaluating cloud technologies or platforms, and apply it to a specific problem.

• BUILD HABITS. When behavior is habitual, it’s “free” so look for ways to encourage habits. When you're evaluating new technologies or systems, make it a habit to ensure half (or more) of the options include SaaS or cloud-based technologies. For example, at Appirio we don't believe in reinventing the wheel (one of the biggest issues with traditional on-premise technology). So whenever we're developing a new solution, we always start with what we can tap in the open source community or the existing cloud ecosystem. If that won't suffice for our, and our customer's needs, then we build.

• RALLY THE HERD. Behavior is contagious. Help it spread. Once people have a taste of cloud innovation, it can be addicting. Remember to keep highlighting successes to keep up motivation. When a prototype is created in days rather than months, show it. When you get some new innovative features in your SaaS application without the cost of an upgrade, talk about it. When you can deploy in multiple languages because you built on a cloud platform, celebrate it.

It's an inherent human trait to fear change, but little in the world has been accomplished without it. If you can make that change palatable, then just maybe you won't stall progress.

Cloudforce 2 San Jose Wrap-up: Chatting from Salesforce's Cloudforce event - Blogging for Computerworld

Ryan Nichols

Yesterday I attended salesforce.com's "Cloudforce" event for the official launch of "Chatter," the company's new social networking functionality for the enterprise.

Salesforce kicked off the event with this context: To reach 50 million users, radio took 38 years. TV took 13 years. The Internet took 4 years. Facebook did it in 5 months. "This is how the world is communicating," said salesforce.com. "Someday the business world will too. Welcome to Someday."




There's no doubt that the way people collaborate in most companies could use some improvement (full inbox, anyone?) Marc Benioff, salesforce.com's CEO, bashes collaboration tools that were "conceived of before Mark Zuckerberg was." His response to this is Chatter, which he describes as "Facebook for the enterprise."

The general collaboration concept behind Chatter isn't new. After all, collaboration has been offered through software as a service ("SaaS") for years -- solutions like Jive, Yammer, and CubeTree have seen solid adoption, particularly in small and medium businesses.

But salesforce.com has a much different approach than other solutions -- they're making Chatter a core part of their cloud platform. Chatter moves collaboration from the SaaS "layer" of the cloud to the platform as a service layer ("PaaS"). This has a couple of implications for the enterprise...

Read more here...