Mythbuster Monday (Part 5 of the Series): Private Cloud is a Good First Step to the Cloud

Balakrishna Narasimhan

Today’s myth centers on private clouds. Private clouds are among the most hotly debated topics in enterprise computing and have as many ardent fans as virulent skeptics.

We’ve written about private clouds quite a few times before. Our focus in the past has been around the first myth related to private clouds - that they provide the same types of benefits as public cloud solutions. We first refuted this myth in early 2009 when we predicted that private clouds would rise and fall in 2009 (guess we were wrong on that one!). Phil Wainewright chimed in earlier this year predicting that 2010 was the year when private clouds would finally be discredited. The discussion has continued unabated including this fantastic discussion we had on SandHill a few months ago. Our position remains the same, private cloud is really a fancy term for better ways to run your datacenter such as virtualization. And while virtualization has a clear ROI, it stops far short of what’s possible by moving to higher-level platform-as-a-service (PaaS) and software-as-a-service (SaaS) technologies. But we’re not here today to rehash that argument.

Instead, we’re going to focus on the second and less widely refuted myth around private clouds - that they’re a good first step to the public cloud. This myth perhaps has its origins in a June 2009 Gartner report entitled “Private Cloud Computing: The Steppingstone to the Cloud”. The author talks about private clouds being a good interim step for services not yet available externally or those that can’t yet be built on public cloud platforms, but the headline has taken on a life of its own, aided by the vendor marketing spin machines. The idea that moving to your own virtualized IT environment and delivering IT as a service to your internal customers may intuitively seem like a good first step before moving the services to someone else’s platforms. The problem is that while private clouds provide clear benefits, they don’t fundamentally alter your cost structure or activities, and your IT department is still locked into many of the same structural problems as before. To understand why, let’s examine what it takes to create a private cloud and IT’s activities in an enterprise with a private cloud.

Moving to and living in the private cloud
Chuck Hollis at EMC, who’s one of the most eloquent private cloud commentators, describes a three-stage adoption path for private cloud. It begins with transitioning IT’s own applications to virtualized infrastructure, followed by business applications and finally running IT “as a service”. Now, there’s no doubt that in the end state, IT is making much more efficient use of infrastructure and can provision capacity for compute and storage much more easily. But, is this fundamentally different than what IT does today? Not really, because you still have middleware, databases and applications, and all of the complexity you have today. In fact, you have the additional complexity of having to provide all of this to your end-users as a flexible, metered service.

So, in this world, IT has learned (the hard way) how to become a service provider and try to recreate internally what companies like Salesforce, Google and Workday do for a living. Learning how to do this and delivering this using today’s software stack, even on top of the best virtualized infrastructure, is no easy task.

And does all this prepare you any better for moving to the public cloud? Not really. It enables you to move easily to infrastructure-as-a-service such as Amazon but as we’ve argued before, this only gives you a fraction of the benefits of moving to higher levels of the stack such as PaaS or SaaS.

The fundamental issue is that virtualization (or even IaaS) doesn’t fundamentally alter where IT spends the majority of time and budget today, which is maintaining and enhancing a complex software stack built on a patchwork of applications, databases and lots of plumbing. So, unfortunately, virtualization or private clouds keep you running on the same old treadmill as before, just maybe with better shoes. So you may be able to run faster and in greater comfort than before but you’re still going in circles!

Why this is different than moving to public cloud platforms and applications
Now let’s contrast this with what happens when you migrate to public cloud platforms and applications. Cloud platforms (PaaS) and applications (SaaS) abstract away hardware and the lower layers of the software stack and automatically stay current. As a result, IT no longer needs to maintain infrastructure, patch or update software, or do many of the things that occupy time and budget today.

This enables IT to become a much closer partner to the business. And this isn’t just marketing. We’re in the process of concluding a survey with 150+ companies who have adopted cloud applications and platforms and 70%+ of respondents said that public cloud solutions had enabled them to change the role of IT within the business. Moving to the public cloud has significant benefits, but it does require IT to focus on some new areas that they may be less comfortable with, but in the end will have a greater impact on the business including:

• Optimizing business processes
• Navigating the public cloud ecoysystem
• Developing apps in an iterative way, collaboratively with the business
• Connecting and extending cloud platforms
• Creating a unified user and management experience across multiple cloud applications

Virtualizing your infrastructure may help a bit with the first but not with any of the others.

Implications
We’re not saying that virtualization or private clouds don’t have a place in your strategy. For many large enterprises, they make good sense. But, it’s not a replacement nor a first step to building a public cloud strategy. They’re different. Public cloud platforms enable you to focus your scarce resources on driving business results rather than running data centers or patching software. Companies who take advantage of public cloud platforms will be able innovate faster and respond much more quickly to business challenges, in addition to reducing costs. That’s why we urge every one of our customers to build a cloud adoption plan, moving at least 10% of their IT to the cloud every year.

Mythbuster Monday (Part 4 of the Series): Most of My World is Still On-Premise

Balakrishna Narasimhan

When people talk about the myths of cloud computing, you often run across issues like security, availability, integration and trust. One myth that isn’t so blatant, but is often used to refute the idea of broad enterprise cloud adoption is the idea that most enterprise IT is and will continue to be on-premise. This is also the main argument used to make the case for companies investing in hybrid cloud environments vs. public (another myth which we’ll address in our next blog). We want to tackle this myth head-on today.

While a majority of enterprise systems and data may still be on-premise today, we would argue that most of the business processes and interactions that differentiate a company already lie outside their firewall. We live in a connected world where customers, prospects, partners, suppliers, developers and employees are scattered across the globe, interacting with you on devices that you probably don’t own, and on public forums and portals that you might not completely control. Consider the following:

• More marketing campaigns are being built around and run on community sites and online marketplaces, search engines like Google, and social networking sites like Facebook, Yelp, etc.
• Most customers and employees start their relationship with a search on a site such as Google, followed by a visit to a company’s website, a property that many enterprises outsource in some way
• An increasing number of customer support conversations (and complaints) are moving online to forums like Twitter and Facebook
• Hosted or outsourced customer and partner portals are taking off in a time when more efficient, cost-effective self service options are becoming the norm rather than the exception

There are three major trends that are driving the shift to a predominantly off-premise world.

1) Your business operates as part of a global network
As the global economy becomes increasingly inter-dependent, companies are fostering their business relationships as a competitive advantage. Connectivity of people, processes and information beyond corporate and country boundaries is driving the formation and management of global business networks. These networks can be collaborative or coordinated but both approaches are increasingly dependent on IT to manage and monitor the operations.

No longer can businesses operate on the castle and moat model. Partners, suppliers and developers are connecting and sharing information across your network — and that’s a good thing for your business. Businesses that are changing their shape, structure and boundaries through processes of decentralization, empowerment, alliances and outsourcing are the ones that are becoming more nimble and flexible.

2) Even your own employees and your data are often off-premise
Unless they are in a very “unique” business, employees do not live 24-hours a day in the confines of their employer’s walls and systems. And when they are at work, they are bringing their personal habits, tools and preferences with them (whether you like it or not). According to AT&T, four out of 10 iPhone sales are to business users. These devices are being used to access corporate email and systems, and you can be sure they aren’t locked up in a desk once the employee leaves the office.

Even when an employee is physically on-premise, their interactions reach externally. Network Box reports that almost 7% of all URLs accessed by businesses go to Facebook and 10% of Internet bandwidth goes to YouTube. They tap into dozens of public sites to do their job - Skype, Wikipedia, LinkedIn, search engines, and even their personal emails which often end up as a workaround for the storage limits of Exchange. They store (and leave with) information on laptops, USB storage devices and mobile phones.

3) Everything is going mobile
Morgan Stanley’s frequently quoted report on the “Mobile Internet” from late 2009 predicts that “if past is prologue, the impact of the mobile Internet will be bigger than the impact of desktop Internet...and personal computer...and minicomputers...and mainframe.”

They use some numbers to illustrate this point:

• 57MM Apple mobile devices sold between July 2008 and Dec 2009 (and this was before the iPad!)
• 2B iPhone applications downloaded between July 2008 and Dec 2009
• 490M 3G subscribers in 2008

This obsession with mobility, and the ecosystem that surrounds it, is dramatically changing how consumers and customers access information - and very little of that information is on-premise. If enterprises remain focused on the status quo and don’t embrace a cloud-optimized IT architecture, they’ll miss the mobile movement. This means they won’t be adequately prepared for how customers, partners and employees want to interact, and unfortunately, many of their competitors will.

What this means for CIOs
Before enterprises bet their future on traditional on-premise or even hybrid systems optimized to reinforce or protect the physical boundaries they THINK they have today, they should ask themselves if that’s the world they’re really living in. It’s certainly not the one they’ll be living in five years from now.

Unlike traditional on-premise applications that were designed for the physical boundaries of yesterday’s business models, cloud applications and platforms are optimized for today’s networked, mobile workforce. Better yet, these applications and platforms are constantly evolving and enable you to take advantage of new features, new delivery channels and more, without costly upgrades.

To close with a metaphor my colleague used in previous mythbuster blog on security, stop trying to build up the moat that’s blocking access to the castle and start building a bridge between the castle and the people around it!

Trust and Liability in the Cloud Age

Shawn DeVries and Dan Arrigan

Recently, we had the opportunity to take the message of cloudsourcing to a small group of technology executives, providers, and consulting firms. This small group forum was typical of technology breakfast seminars: someone (Appirio) acting as discussion lead on a particular topic (cloudsourcing) and facilitating this discussion through real-world examples, cloud roadmaps, and eye-opening industry trends.

Appirio employees are lucky enough to act as subject matter experts and discussion leaders among their respective local colleagues in IT and business. While these peer networking events are wide-ranging, from technical user groups to business roundtables, a common thread has emerged in conversations around cloud and SaaS: as a technical leader or business executive, how can I place trust in a cloud vendor to run 100% of my IT operations, and how do we protect ourselves against liability should something fail?

This is not a new topic, and has been discussed before among IT practitioners that have much to lose in a cloud outage or failure. The difference now versus two years ago is the momentum at which companies and organizations are moving to the cloud. In other words, companies are now moving beyond single, siloed, technical SaaS solutions and to the next “tier” of cloud adoption.

The conversation amongst the 20+ practitioners at this event was lively, with some of the typical objections and concerns raised around cloud computing. But in the end, the majority of the dialogue amongst the attendees was around trust and liability.

In this new age of cloud computing, how does a company trust a solutions provider and cloud vendor with running critical business processes in the cloud?

First, let’s talk about trust, but let’s use the executive relationship between two fictional companies as a starting point. The example scenario is typical of many vendor-client relationships. For this discussion, the meeting is an executive presentation of findings discovered through an assessment of “cloud readiness” by a cloud solutions provider.

On one side of the table is the executive management team from a large financial services firm that is looking to reduce their overall IT spend, but also improve their ability to respond to changes in the marketplace in a timely fashion. The vision of the CEO is to harness the power of technology to gain competitive advantage over their rivals in the marketplace. Something she is calling “the Money Cloud”. It’s up to the CIO to make this a reality. We will call this company “ABC GloboBank”.

On the other side of the table you have a global cloud solutions provider (say, CloudUniversal) that is positioning a whole suite of solutions to address ABC’s immediate needs, and provide a flexible platform for growth in the future. An ROI study has been performed by the CloudUniversal team to help ABC justify the partnership, and this meeting is in the Q&A stage after a very polished presentation of the study and future roadmap.

Let’s say that by the beginning of this meeting, all the tough technical points have been addressed. Nothing out of the ordinary here, at least from a technical or security perspective. The CIO is happy with the responses received on his IT team’s concerns: security, reliability, redundancy, authentication, user management, maintenance, integration, transactional efficiency, and flexibility to respond to the needs of the business. No major roadblocks are present, just the grumblings around change management, user experience, writing off the previously incurred cost of messaging infrastructure, weighing this past cost versus future costs, etc.

Additionally, the legal and regulatory teams are satisfied with the tools provided by CloudUniversal for legal discovery, tracking, and exposure to legal risk. At any given time, the legal team feels that the proposed approach will allow them to audit at a transactional level through a browser-based interface that is only accessible to a limited number of users within the legal department.

This is where the trust factor kicks in.

ABC GloboBank has to look across the table at CloudUniversal and truly believe that they can trust this well-respected company with maintaining the technology heartbeat of their company.

What if CloudUniversal is acquired by a foreign entity? What if they go bankrupt? Before, if something failed in the ABC GloboBank data center they knew that they could simply head down the hall and “wring the neck” of those responsible. Now, with data replicated across multiple, secure, secretive data centers, how does ABC maintain control? Who is held liable for damages, money lost, missed deliveries, data integrity issues?

Sound familiar? It should. These are the conversations happening every day, all over the world. From medium-sized manufacturers to large multinationals, the trust and liability conversation is front and center. Technology philosophies aside, it comes down to trust. Trust in the vendors, trust in the solution providers and system integrators, trust in the support staff, trust in the reliability, security, and scalability of the multi-tenant model that is the core of cloud computing.

“Let me state, first and foremost, that I believe the cloud can and ultimately will be trusted,” Stephen Elop, President, Microsoft Business Division said in his opening remarks during an Economist sponsored debate on whether or not the cloud can be trusted. “There is little debate about whether the cloud is a great technology evolution. The benefits of increased productivity, cost savings and improved efficiency, plus the ability to support and empower a broader range of users via the cloud are clear.”

Carefully researching the benefits of cloudsourcing is a vital stage in the development of relationship between corporations such as ABC GloboBank and CloudUniversal

And there are concrete ways in which a cloud solution provider can begin to earn your trust right from the start:

• Transparency, ranging from tours of their data centers to real-time updates on performance
• Commitment to securing independent industry certifications, for instance Statement on Auditing Standards (SAS) 70 Type II Audits
• Providing complete availability of your data, anytime, anywhere
• Best efforts to ensure application portability, use of standards-based technology where possible
• Pay as you go contracts that force cloud providers to "earn" your business every year.

When you invest in the cloud, you’re not simply getting a knife that is cutting-edge technology when you initially purchased it yet dulls over time and before long is no longer useful. Cloud technology not only keeps your blade sharper than anything you’d buy on the shelf, it constantly increases its capabilities.

“Investing in and delivering this rapid innovation without invoking an upgrade tax is a change that customers welcome and is the foundation of trust in the cloud,” Marc Benioff, Chairman and CEO, salesforce.com said in his debate with Elop.

With the cloud, your single blade soon turns into a Swiss Army Knife before your eyes, without replacing hardware, without installing installing updates, without any interactions on your part. The excitement and trust around cloudsourcing absolutely grows as a company embraces it.

For more information on moving to the cloud and to get you started asking questions, read our new whitepaper on the “path to cloudsourcing”.

Five reasons why Google is more than ready for the enterprise - Blogging for Computerworld

Ryan Nichols

Now that Microsoft has finally embraced cloud computing and taken a version of its flagship Office suite online, pundits have started to question whether Google "has what it takes" to compete in the enterprise. The Microsoft marketing machine has been hard at work in this area, but I think discounting Google's focus, resources and innovation in this space is a mistake.

Now I have a vested interest in this topic - my company Appirio is one of Google's partners. It's that experience working with Google's largest enterprise implementations that gives us some amount of insight into how Google operates that I wanted to share with this community-here are 5 reasons I think Google is more than ready for the enterprise...

Read more here...

Mythbuster Monday (Part 3 of the Series): There is a Higher Risk of Lock-In with the Cloud

Narinder Singh

The next myth in our Monday Mythbuster Series is the idea that lock-in is a bigger issue in cloud computing than with alternative models like on-premise solutions, hosted solutions, etc. It’s a topic we still see often in the press and even in sales cycles. Interestingly enough, it’s one we hear much less often once we engage with our customers in actual implementation and development projects. Perhaps that’s because they realize “lock-in” (like privacy) is a relative term and a fact of life in IT. In fact, the lines between “lock-in”, standardization, commitment, and partnership are subtle ones.

“Lock-in” - whether to a vendor, a platform, a development environment or language - has been an issue for decades and used by numerous vendors as a reason why customers should or shouldn’t move to a technology. “Don’t use Microsoft technologies or you’ll be locked in!” Yet today there are more than 8 million Microsoft developers (although this is something many are trying to change). “If it’s not built using industry-standards, you’re locked in!” Maybe, but SQL is a standard and you don’t see a lot of companies regularly switching their databases. And there’s the newest one...”If you don’t control your data and apps in house, you’re locked in!” Tell that to the companies paying millions to upgrade or rip out their legacy SAP and Lotus Notes systems (which we lovingly refer to as the asbestos of software).

My point is not that you shouldn’t be concerned with lock-in. It’s to say that lock-in is not any more of an issue with the cloud than it is with traditional software. There are however, some key differences between cloud and traditional software that companies should consider.

With traditional software you have the option to run unsupported, legacy versions of old applications as long as you want at no charge. You can’t do that with SaaS. Yet with SaaS there’s a natural buffer for abuse by the vendor that you don’t get with on-premise. SaaS vendors don’t get all their money up-front, they have to continue earning your business. And if one of the large scale SaaS providers does have a major issue, there’s a tremendous market opportunity for third-parties to come in with migration tools that only need to be written once since SaaS applications have a single application version and supporting infrastructure. Compare this to the exponential problem of trying to write migration tools for multiple versions of on-premise applications and all the flavors of infrastructure they run on, and you’ll see why migration tools for cloud apps will be more commonplace in the future.

The Real Considerations Around Lock-in

While lock-in exists, there are things you can do to balance risk with the benefits of the cloud:

• Choose cloud solutions that have full, open APIs - We’ve said this before, not all cloud vendors are created equal. This is one of the reasons why Appirio has a strategic focus on a relatively small set of leading cloud providers. Platforms from Amazon, Google, salesforce.com and Workday have a broad, open set of APIs that more people in the cloud ecosystem are writing against than other market alternatives. Robust APIs create “checks and balances” because they allow for the potential of a single migration solution to be applied to an entire customer base. This helps ensure the SaaS vendors can’t hold customers hostage (e.g. Oracle and their approach).
• Plan implementations and development around the application needs - The more proprietary APIs, protocols and languages you use, the less portable your code and data will ultimately be. But often the more you leverage these proprietary services when building or deploying an application, the faster and more easily you can move to get to a better solution. Lock-in risk should be weighed against the productivity and time-to-market benefits enabled by these more tailored tools.
• Develop the right kind of code, the right way - The more code you write or customizations you make, the more it costs to maintain and the less portability you have (this holds true in both cloud and on-premise environments). Therefore code should be used to develop and extend a solution that creates unique business value. Is that enhancement you are asking for helping create value or just creating work because its trying to reflect the way you’ve done things in the past? Code is powerful when used the right way because it represents what is unique to your business, but when applied without precision it becomes an anchor. When it is necessary, using things like components and SOA help make it more pluggable and better partitioned - resulting in something that can be moved or migrated more systematically. The cloud should make this process easier.

The Future of Cloud Lock-in

As the market matures, lock-in should become even less of an issue with cloud solutions. For one, more tools will become available to make it easier to move data to or from leading cloud providers. The evolution of standards will help here, as will the growing volume of customers on these leading platforms, making it a significant market opportunity to third-party vendors (and likely, an area of investment for VCs).

As we look into a future - one where cloud solutions will play a dominant role and where the concept of lock-in won’t ever completely disappear - consider one thing: If some degree of lock-in is inevitable, isn’t it better to be locked-in on the most advanced version of the product vs. some obsolete technology that becomes unsupported all too quickly? . Being well served by a great solution and great partners is the best protection against the cost of switching because you won’t need to switch. From that perspective, it’s a lot like marriage. Should one worry more about how to best ensure they can get out of it, or focus on making sure they find the best and most compatible partner for the long run???

Learning from an audience of cloudsourcing candidates - Blogging for Computerworld

Ryan Nichols

Last week, I summarized our webinar with Mark Newhall, an expert at corporate transformation powered by cloud technology, on the topic of "the path to cloudsourcing." Joining us for that discussion was an audience of 80 IT decision makers and influencers interested in cloudsourcing. Our interaction with these cloudsourcing candidates was just as informative as our discussion with Mark.

In this post, I wanted to summarize what we learned about the leading edge of cloud adoption, and respond to some of the questions we received.

1) Cloudsourcing is getting established as a consumption model

About half of cloudsourcing candidates already have more than 25% of their IT landscape in the cloud. For this part of the market, adoption is shifting from a few edge applications to become a much more significant part of their IT landscape...

Read more here...

Discussing cloudsourcing and corporate transformation with an "execution specialist" - Blogging for Computerworld

Ryan Nichols

I was excited to host Mark Newhall for a webinar last week on the "Path To Cloudsourcing." Mark is an expert at corporate transformation, often-times powered by cloud technology. He was a very early adopter of salesforce.com at Corporate Express, where he lead the global transformation of their customer-facing processes. As COO of Market Force Information, a customer intelligence firm, he charted out a 3 year roadmap to move entirely to the cloud, enabling a new growth strategy. He now leads Execution Specialists Group, advising C-level executives on business transformation strategies.

Our discussion focused on building, executing and measuring the success of a comprehensive cloud strategy. You can view the full webinar here-- below are some highlights from our conversation:

Tell us about your experience with Salesforce at Corporate Express. Was the adoption led by the business or by IT?

Back in 2002, our initial adoption was led by the business. It started with a couple of sales teams who adopted Salesforce and started getting fantastic results. Of course, because of this initial success, we wanted to roll out Salesforce more and that's when we started working with IT.

Read more here...