Originating author: Wendy Schuchart
CIOs seeking to build transformative IT are urged to run “to the cloud”. However, as with all things IT, the hype obfuscates the concept, rendering it meaningless. “The cloud” originated with the idea of any network outside of your control, be that the Internet or another cohabitant system. Originally, this concept represented the idea of data passing through a network that was behind a black box, which the admins had very little insight into and could not control once it was out of their hands.
Now, the IT sphere has begun applying “cloud” to various hosted services that are accessed through the Internet, be it Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), or Platform-as-a-Service (PaaS). Cloud computing has morphed into a much larger concept rather than a specific technology.
It’s time to bust some myths around cloud computing. We’ll walk through the high points of what CIOs need to understand about public megaclouds, OpenStack and how cloud computing is going to happen with or without an official organizational cloud strategy. We’ll offer advice on how to migrate confusing vendor terms and offer suggestions for ways CIOs can move from virtualization into a full cloud strategy.
Why cloud computing?
“Cloud is no longer just a buzzword, it’s a strategy, it’s a delivery model, it’s a set of technologies and it’s a distribution channel and potentially a competitive weapon,” said Wikibon’s CEO Dave Vellante in a recent panel discussion.
Cloud computing is attractive to the CIO for several reasons, the first of which comes down to the ability to translate cost savings and variable costs for the CFO or CEO, but agility is a big factor as well. Countless startups have built and scaled their businesses quickly by utilizing cloud computing services because they eliminate the massive capital expenditures for physical hardware required for such scalability and offer some layers of security.
Departments within larger enterprises often innovate by borrowing the agile strategies of startups, and cloud computing is no exception. By creating essentially an offsite sandbox within a megacloud, organizations are afforded the luxury of experimenting and engaging in heavy dev ops initiatives without worrying about how their projects might affect business-critical systems.
Three phases of cloud
When Amazon Web Services (AWS) was launched in 2006, it brought with it the promise an entire new world order. Developers were thrilled by a low-risk sandbox in which they could engage in dev/ops without touching their organization’s infrastructure – or begging, borrowing, and stealing server time.
As adoption grew and the economy started slowing in 2007/2008, organizations understood that they had the ability to shift from fixed to variable expenses by utilizing cloud-computing services. By 2010, a second wave of cloud adoption emerged, where anyone could buy computing resources by swiping a credit card; circumventing traditional IT channels and approval processes. This phenomenon was termed “Shadow IT,” referring to non-IT generating technological buys and processes without approval or even knowledge of the IT administrators.
Take for instance, Dropbox. The ubiquitous cloud storage offers a modicum of automated storage space for free and then has an affordable tiered scale. Users adapt to the free cloud service when they want to access verboten personal files on the network, company documentation from home, or even just listen to their MP3s while at work. Show us a CIO who thinks that his users aren’t using Dropbox to shuttle company data and we’ll show you a CIO in denial. Some CIOs are shelling out for the enterprise license for Dropbox because they can’t ignore it anymore.
The prevalence of Shadow IT in the industry represents a larger dilemma. It underscores the elemental problem that IT is viewed as an impediment by the rest of the business. CIOs should be asking themselves why parts of their organization find it easier to break protocol than deal with IT. The presence of Shadow IT represents a large risk to IT’s evolution and business alignment. Easy and elastic options like AWS, Google Compute Engine, and Microsoft Azure are akin to infidelity in the relationship that the organization has with its IT department. CIOs can use this canary in the coal mine as an opportunity to reach out and reengage with the business on a much broader level.
The cloud computing ecosystem is again going through a transitory phase. “We started to focus on the notion of private cloud, which evolved beyond the idea of virtualization, orchestration and management,” said Vellante. “We think we’re entering a third wave of cloud, which is much deeper integration into the business. It’s not just ‘my mess for less’ but a true business model enabler.”
Difference between virtualization and cloud
One of the biggest jargon slides in the technospere has been the conflagration of “cloud computing” with “virtualization.” While cloud is NOT a synonym for virtualization, virtualization is often the technological underpinning but not the basis for cloud computing, both public and private. With virtualization, IT still has to provision the virtual machines to users within the organization and must do so individually by installing the software needed. It lacks the on-demand self-service and rapid elasticity of cloud computing as defined by NIST, as well as the built-in automation and sharing multi-tenancy with other organizations, since a virtualized infrastructure is entirely within a single organization. The backbone of virtualization is in resource pooling, which it shares with the cloud computing concept. (Depending on the internal IT budgeting, a virtualized infrastructure may or may not be a measured service based on actual usage by each department, so that, too, may be a technical issue to meeting NIST’s definition.)
Once a CIO has implemented a virtualization strategy, cloud computing is a reasonable next step toward moving to a cloud environment, either private, hybrid, or public. If a CIO already has everything virtualized, all one needs to do to transition to a private cloud is to add an orchestration layer and a service catalog. This isn’t a trivial step -- setting up a private cloud does require significant organization and planning, but in the instance of a pre-existing virtualization layer, the foundation has already been laid.
Private, Public or Hybrid?
When it comes to cloud computing, there really is no “one-size-fits-all” approach, despite what vendors will claim. Tantamount to the CIO’s task is to find ways to increase and create value for the organization with potential to unlock opportunities to innovate.
CIOs have a choice between public, private, and hybrid cloud infrastructures. Each of these models has its advantage and often the decision is not clear-cut. For instance the security and privacy needs of an organization that deals primarily with health care data will be much greater than that of a manufacturing organization. However, with Amazon GovCloud offering a private “public” cloud, the technology is out there to have Fort Knox-level clean off-site public clouds, and we anticipate this service to be more prevalent in the years to come.
With the public cloud, customers rely on the vendor's security, backup, and overall IT procedures to be adequate to the customer's needs. With a private cloud, the IT department uses it's own standards to provide the ease-of-use and ease-of-deployment internally. Private cloud is generally considered the more "feel good" option that allows CIOs more control. However, the public cloud has a lot going for it.
The public cloud removes the need for expensive cap ex investment in hardware, development, and deployment of a cloud solution. Public clouds also remove much of the customer's opex expenses including HVAC, space, and physical security. Public cloud also gives CIOs the ability to shop around, compare pricing and pit public cloud vendors against one another not only for price but for uptime, features, and security.
“While prudent CIOs will focus on data governance, privacy, security, and other organizational risks associated with moving to the Public Cloud, the reality is that intensified partnerships with cloud service providers are probably in their future,” said Vellante.
Often the best fit for an organization is a hybrid model -- where certain processes or lines-of-business use the public cloud and where other processes or lines-of-business use the private cloud. The decision to use one or the other needs to be balanced to gain maximum return on the dollar – or more realistically, cost savings or avoidance -- investment in either infrastructure. For instance, the VMware hybrid cloud solution has promised to extend the same platform to a private and public cloud, negating the need for separate architectures -- blurring the boundary between internal and external, something that has typically not been seen in practice. While there’s public interest for VMware’s new offering, we haven’t heard much in the implementation but watch for this space to make some ripples in the quarters to come.
Demystifying the *aaS
Prior to the rise of the Cloud, we had Software-as-a-Service (SaaS), followed by Infrastructure-as-a-Service (IaaS) and then Platform-as-a-Service (PaaS). Recently, however, vendors have been branding so many concepts “as-a-Service” that the vendor landscape has become alphabet soup. If CIOs are getting confused, we aren’t surprised. These were terms used to narrowly define specific service offerings without the all-shading umbrella of cloud computing.
For instance, you’re probably already using SaaS (like Salesforce.com). However, the level of customization and features it offers within its CRM function could in theory make it a PaaS offering. Cloud vendors would tell you that Salesforce.com is a cloud offering, because it exists outside of your data center and network. The truth is that the specific label is now meaningless.
What CIOs need to know is SalesForce’s uptime, security, costs, and implementation details to serve the business. It doesn’t actually matter of it’s SaaS or PaaS or cloud. It is functionality run by a third party and has to be evaluated as such.
Smart CIOs know that cloud or *aaS or some other technology industry acronym is just window dressing. Most SaaS offerings are like comparing apples to oranges and the biggest vendors aren't directly competing with each other. The functionality and the protection of that functionality from a DRM and security standpoint to protect the business are the important parts.
The most important question for a CIO at this point is to build a business case and determine where money is going to be saved and where value will be translated to the business. It’s all about the ultimate payoff, something CIOs need to keep in their sights as they fight through all the cloud hype.
While it’s still early in the game to declare a winner in the public cloud space, Amazon Web Service (also known as AWS) is certainly making a run for domination, having delivered almost $2B of services in 2012 according to industry estimates. It promises a flexible cloud environment for organizations from enterprise to SMBs.
Amazon is the clearly the leader in the mega cloud space, but it isn’t the only giant cloud provider. Microsoft is leveraging Hyper-V as a red carpet for Azure, which could be the push into the comfort zone for many teams.
Meanwhile, over at the world’s biggest search engine, Google’s Compute Engine is the heaviest competitor for AWS’ piece of the public cloud pie. While Google lacks some big facets of AWS’ prime support and the massive stable of partnerships and case studies demonstrating customer love, Google is still refining its cloud offering. Until it offers a truly revolutionary differentiating service, it remains a slightly sleeker, more streamlined (read fewer services and options) echo of AWS. Google will need some time to really wow the technosphere, but for smaller companies the lean and mean approach would be worth it for the slightly better pricing structure offered by Google.
While AWS sees tremendous adoption across the cloud computing space, the enterprise penetration statistics are a little deceptive. For instance, while Amazon is happy to boast clients from the Fortune 500, when you look closer, you realize that one team or one segment of that business is using the megacloud for a specific dev ops project. While AWS generated nearly $2B in revenue in 2012 (and is projected to hit upwards of $3B in 2013), it enjoys much of its movement from “shadow IT”.
While a formal cloud hosting solution requires much more business transparency, mega clouds charge on instances, so a small team can potentially enjoy the computing structure of a large enterprise without waiting for buy-in from the CIO or IT administrators. With a user accessing out-of-the-box features and a built-in firewall, minimal knowledge of virtualization is required, allowing Muggles from Marketing to hoist a public image over their lunch hour. This elasticity allows Amazon to boast an extremely high rate of adoption across the Fortune 500, despite situations where above-the-board adoption has not entirely been agreed upon by the organization.
There are, of course, situations where enterprises have embraced mega clouds for RTB functionality. For instance, as the DVD distributor Netflix transformed into a video streaming service model it began to deliver from its own physical data centers. Due to the transitional ebb and flow of video streaming – with peak hours during a North American’s leisure hours after work and on weekends – Netflix migrated to AWS. This model allowed Netflix to only pay for what it uses during times of high demand, as well as minimizing latency by taking advantage of Amazon’s regional data centers spread across the country. While Netflix’s usage depicts business-critical functionality and continuity uses, it is one of very few large companies to migrate such vital infrastructure to AWS.
“This new thing called cloud computing wasn’t necessarily about moving existing compute and storage infrastructure and applications into AWS. Rather it was more about enabling organizations to do new tasks that weren’t previously possible or practical,” said Vellante. “It allowed people to envision IT without traditional constraints, and it showed a new path to how developers could bypass corporate IT to get work done for very short money.”
For instance, when Outback Steakhouse wanted to give away one million steak dinners over a 48 hour period in a flash marketing campaign, it required a website that could rapidly scale and handle the kinds of viral traffic and computation power. Another famous example is when the Derek Gottfrid used the computational power of AWS and Hadoop to digitize the New York Times’ entire 11 million article archives in a little more than 24 hours. Most significant to this anecdote is that Gottfrid achieved this level of innovation with only a $240 investment, further underlining the attractive and low-risk venture that makes AWS the sweetheart of Shadow IT.
We are seeing smaller companies taking the leap of faith with AWS, simply due to the lack of funding for hardware infrastructure and computing power. As more third-tier vendors come to market with software and services specifically tailored to AWS, despite its closed nature, AWS is becoming a de facto industry standard, mostly because Amazon continues to drive down prices of its service, engaging more customers and building bigger data centers – a compelling energy cycle that powers its own self.
Generally speaking, enterprise CIOs deploy mega clouds as test dev environments, and once the project has a thumbs up, they move it back to their internal network. However, five years from now, we suspect larger businesses will be more comfortable with the idea of utilizing the public cloud for business-critical processes and be more inclined to take a page from the smaller enterprises and allow their processes to rock-and-roll out in the ether.
OpenStack was the brainchild a group of developers inside NASA that has gained wide support from the cloud community. Why are cloud vendors like RackSpace, VMware, IBM, and Cisco supporting development of essentially an open source solution? Simple: OpenStack maintains an even playing field and flies in the face of closed, proprietary systems like AWS. OpenStack is basically “a series of loosely coupled components that are easy to integrate with a variety of third party solutions and hardware platforms.”
“Moving stuff into the cloud is mainly dominated by people offering a specific application within the cloud. They as cloud providers want independence of that. That’s a very strong force,” said Wikibon CTO David Floyer at OpenStack Summit 2013.
“It’s very clear they’ve made enormous strides in two areas. First, they’ve brought in almost everyone in the industry. Almost all the major vendors are now part of OpenStack– IBM, EMC, Cisco, etc,” said Floyer. “The second thing that has changed is that the users who are also part of this foundation are just as much a voice for what OpenStack should be doing. The users have started to put forth real systems, and they’re showing that it’s stable and works and is cost effective.”
Publicly recognized implementers of OpenStack, in addition to supporters Rackspace and Hewlett Packard, include Best Buy, Comcast, and Bloomberg. OpenStack has also seen success within the highly regulated finance industry and been adopted by such firms as Fidelity and PayPal. Private cloud implementation of OpenStack has been the most common use but the standard can be applied against a public cloud as well. A true sign of OpenStack’s maturity has been significant interest from Chinese developers – and the next OpenStack Summit will be meeting in Hong Kong.
While the industry is agog on the possibilities of OpenStack, we have yet to see mass adoption from our CIO sources. In fact, in researching this, we did not find a single CIO who had embraced OpenStack. For now, it appears that the general consensus is “talk to us again in 12 months.”
Whether a CIO is already a VMware customer or is just thinking about getting into the cloud computing game, if she wants more control and transparency in her cloud environment, she can consider the OpenStack cloud architecture system. If she wants someone else to deal with all of that and will never want a hybrid cloud system that needs a common platform, AWS is happy to take care of that.
Recommendations for CIOs
While cloud is still considered fantasy by a surprising number of U.S. citizens (see “Confusing Cloud Computing” inset) it’s more disturbing to us that many CIOs still don’t have a cloud strategy in place in 2013. Considering the reality of offshoring and the likelihood that the employees are already engaging in cloud services on the sly, CIOs without a cloud strategy are naïve at a risk to their careers. Regardless of which strategy is right for a given organization, they should have already identified some opportunities for growth using cloud architectures and have a road map in place for the next five years of organizational health. From that point forward, it is merely a question of whether agility or rapid fire to market is the end goal. Keep in mind that translating the initiative to spend avoidance or variable expenses for the board of directors is key for CIOs looking to engage this technology.
The translation to the corporation will require a little finessing and people skills, however. CIOs should expect levels of subtle and open resistance from the IT staff who are fearing for their jobs in an uncertain economy. “The biggest opposition [to adopting cloud] was the fear among some on the IT staff that this would mean an end to their roles, careers, and expertise,” said Niel Nickolaisen, CIO of Western Governors University in Salt Lake City. “Over time, they have learned that this is not a concern.”
Action Item: It's absolutely crucial that CIOs have some kind of cloud strategy in place and also take care to be completely open and transparent about this initiative to staff. Respect them enough to understand that innovations and forward progress are inevitable but the intent is not necessarily to eliminate IT and supporting employees. While the adoption of cloud computing has not traditionally been the source of a reduction in force, it is unlikely to contribute to new job creation and should not be sold as such to appease a worried workforce.
Footnotes: See a collection of Cloud Computing Infographics from Wikibon and the industry.