Saturday, May 3, 2008

Cloud computing: adoption fears and strategic innovation opportunities

The recent CIO.com article lists out the top three concerns that the IT executives have regarding the adoption of cloud computing - security, latency, and SLA. These are real concerns but I don't see them inhibiting the adoption of cloud computing.

Adoption fears

Security: Many IT executives make decisions based on the perceived security risk instead of the real security risk. IT has traditionally feared the loss of control for SaaS deployments based on an assumption that if you cannot control something it must be unsecured. I recall the anxiety about the web services deployment where people got really worked up on the security of web services because the users could invoke an internal business process from outside of a firewall.

The IT will have to get used to the idea of software being delivered outside from a firewall that gets meshed up with on-premise software before it reaches the end user. The intranet, extranet, DMZ, and the internet boundaries have started to blur and this indeed imposes some serious security challenges such as relying on a cloud vendor for the physical and logical security of the data, authenticating users across firewalls by relying on vendor's authentication schemes etc. , but assuming challenges as fears is not a smart strategy.

Latency: Just because something runs on a cloud it does not mean it has latency. My opinion is quite the opposite. The cloud computing if done properly has opportunities to reduce latency based on its architectural advantages such as massively parallel processing capabilities and distributed computing. The web-based applications in early days went through the same perception issues and now people don't worry about latency while shopping at Amazon.com or editing a document on Google docs served to them over a cloud. The cloud is going to get better and better and the IT has no strategic advantages to own and maintain the data centers. In fact the data centers are easy to shut down but the applications are not and the CIOs should take any and all opportunities that they get to move the data centers away if they can.

SLA: Recent Amazon EC2 meltdown and RIM's network outage created a debate around the availability of a highly centralized infrastructure and their SLAs. The real problem is not a bad SLA but lack of one. The IT needs a phone number that they can call in an unexpected event and have an up front estimate about the downtime to manage the expectations. May be I am simplifying it too much but this is the crux of the situation. The fear is not so much about 24x7 availability since an on-premise system hardly promises that but what bothers IT the most is inability to quantify the impact on business in an event of non-availability of a system and set and manage expectations upstream and downstream. The non-existent SLA is a real issue and I believe there is a great service innovation opportunity for ISVs and partners to help CIOs with the adoption of the cloud computing by providing a rock solid SLA and transparency into the defect resolution process.

Strategic innovation opportunities

Seamless infrastructure virtualization: If you have ever attempted to connect to Second Life behind the firewall you would know that it requires punching few holes into the firewall to let certain unique transports pass through and that's not a viable option in many cases. This is an intra-infrastructure communication challenge. I am glad to see IBM's attempt to create a virtual cloud inside firewall to deploy some of the regions of the Second Life with seamless navigation in and out of the firewall. This is a great example of a single sign on that extends beyond the network and hardware virtualization to form infrastructure virtualization with seamless security.

Hybrid systems: The IBM example also illustrates the potential of a hybrid system that combines an on-premise system with remote infrastructure to support seamless cloud computing. This could be a great start for many organizations that are on the bottom of the S curve of cloud computing adoption. Organizations should consider pushing non-critical applications on a cloud with loose integration with on-premise systems to begin the cloud computing journey and as the cloud infrastructure matures and some concerns are alleviated IT could consider pushing more and more applications on the cloud. Google App Engine for cloud computing is a good example to start creating applications on-premise that can eventually run on Google's cloud and Amazon's AMI is expanding day-by-day to allow people to push their applications on Amazon's cloud. Here is a quick comparison of Google and Amazon in their cloud computing efforts. Elastra's solution to deploy EnterpriseDB on the cloud is also a good example of how organizations can outsource IT on the cloud.

Service innovation: I see many innovation opportunities for the ISVs and partners to step in as trusted middleman and provide services to fuel the cloud computing adoption. SugarCRM recently announced a reseller partnership with BT to reach out to 1.2 million business customers of BT and sell them on-premise and SaaS CRM. I expect to see the ecosystem around the cloud computing and SaaS vendors grow significantly in the next few years.