Are CIOs ready to use cloud computing?

Seldom in the history of IT have CIOs faced a marketing barrage of hype comparable to that which is currently to be found billowing around the term “cloud computing”. It appears as if every vendor with any product or solution to market is compelled to employ one of the terms “cloud”, “IaaS” (infrastructure as a service), “PaaS” (platform as a service) or plain, simple “SaaS” somewhere in the stories they promote. With so much energy being expended marketing the term, it is worthwhile looking at what is actually happening in the real world. The first thing that several studies have shown us, is that actual deployment of any form of cloud solution is still confined to a relatively small number of organisations, with usage being higher in larger organisations rather than in small business. Clearly this is a matter of concern to some would-be cloud suppliers. But the marketing efforts are raising challenges for many CIOs. Worryingly these are often encapsulated in the questions posed to them by their fellow directors. “Why aren’t we adopting these ‘cloud’ solutions?” is a fairly common enquiry. And as with all things that come with the force of a typhoon, it can sometimes prove tricky to counter hype with pure factual responses. Fashion and marketing are not so easy to derail. So what approaches can CIOs adopt when discussing the very real inhibitors to large scale adoption of cloud services? Our research, and my own thoughts on the subject, tends to group potential customer concerns into four main areas. To be specific these are questions regarding security, quality of service, the significant matter of data / vendor lock-in and, finally, the long term cost of such services. Security of information, and potentially of the structure of business processes, will always be matters that merit acute study even when services are run in house. When organisations consider moving to services that reside entirely outside of their computer rooms and datacentres they need reassurance that only their staff will be able to access and change corporate data but also that such data will be adequately backed up and otherwise protected. This topic alone can cause problems as many service provides run their internal maintenance and monitoring tools on top of the organisations stored information and the very existence of the meta data so created might contravene either national laws or corporate governance requirements. There is also the question or where, geographically and geo-politically corporate data will be held. Many nation states have strong restrictions on how and where certain data types must be held. Until cloud providers are able to demonstrate that their offerings more than adequately satisfy such legislative requirements there will be significant hurdles to overcome. Another factor to consider, especially when looking at PaaS and IaaS offerings concerns the nature of software licensing and who is responsible for what and how such licensing issues can be monitored and managed effectively. The concerns surrounding data and IP “escrow” are matters that merit serious consideration by anyone looking to use any form of cloud service. It is essential that the organisation have agreements that detail the processes to be used to return all corporate data and any embedded intellectual property held at the end of life of the service, whatever the cause. This is an area where few cloud suppliers have taken great pains to explain how these situations are handled and how any guarantees are to be enforced.

The next obstacle is that few cloud service providers supply any meaningful guarantees covering the quality of service they deliver. Indeed, it can be difficult to get anything beyond a “best effort” agreement to be put into contracts and potential customers are frequently met with references to past performance without offering any assurance of future service delivery. Perhaps of even more concern is that outside of highly bespoke hosting arrangements, few, if any, cloud service providers will accept any liability for data loss. The point here that putting pure QoS issues aside, which CIO will accept no guarantee that crucial business data will not get lost or corrupted? No one I know. Clearly these approaches clash with enterprise demands for service quality visibility and the corresponding demands for continual improvements. This just leaves the matter of cost. Our research highlights that the long term cost of service can be a major inhibitor to cloud adoption amongst both existing users of cloud services, frequently SaaS offerings, and those yet to take the leap. There is clearly a perception that cloud services have some way yet to go to be priced at levels acceptable to many organisations. For what it is worth, I believe and have repeatedly said so over the course of the last decade, that organisations will utilise an ever-expanding range of services that are sourced from outside the organisation itself. But cloud will not “take over” a significant chunk of the market overnight. Instead usage will grow slowly, perhaps in many instances almost without being visible. Even in best case scenarios for cloud service providers there are very few organisations of any size that will ever be able, or comfortable, using only cloud services with nothing held in house.