The role of cloud in enterprise service delivery

'Cloud' has become a pervasive part of the IT vocabulary - but how big a role will it play in enterprise service delivery? Technology Decisions sought the views of a panel of senior IT executives drawn from the user and analyst communities and found there was a broad consensus.

How important will cloud be in enterprise service delivery, and why?

Cloud is "really important - it's a completely game-changing situation in the IT industry", says Donaldson. Companies such as Think that have grown through acquisition are well placed to take advantage of it, while those with legacy systems will soon face the need for replacement and will consider cloud systems alongside more traditional models.

Simonsen expects cloud to become the norm. Prior to joining Equinix, he worked for Pitney Bowes where he oversaw the replacement of a variety of sales force automation and financial systems running in 13 data centres around the Asia-Pacific region with cloud services from Salesforce.com and NetSuite. This move simplified IT - everyone in the region used the same applications, software upgrades and updates were eliminated, data centre hardware refreshes were avoided, “and the applications are really good”. The downside, he suggests, is that SaaS probably won’t deliver all the functionality of a decades-old, in-house system that has been adapted over the years.

Is it about cost, agility, availability - or just getting rid of that pesky capex?

“All of those,” says Donaldson. For Think, the use of cloud technologies has driven down costs as the company only pays for the resources it actually uses, and it gains agility extra resources that can be brought to bear so easily: a new server can be commissioned “with a few click of a mouse”.

“Cost wasn’t the first thing to look at” for Pitney Bowes, says Simonsen, though it was a factor. “It was a business problem we needed to solve,” specifically gaining visibility of regional operations, helping employees become more efficient and removing the need to own and operate data centres. The pay-by-use model associated with cloud “just makes life easier”, he says, “it’s taken the complexity out”.

Empired has been using NetSuite for over a year, and it has proved cheaper than on-premises software, is readily used by staff outside the office and was deployed very quickly. Baskerville predicts cloud will be used “right across the spectrum” from IaaS (the provision of raw processing and storage capability) through to specific applications. Horizontal applications such as finance and CRM are already available, and those for increasingly niche activities are appearing. “[Cloud] will replace, over time, the current delivery model,” he predicts.

Oostveen notes significant changes in cloud adoption over the last 12 months. Where it was previously seen as a way of gaining efficiencies and avoiding capital expenditure, agility has become an important consideration, as “business is changing rapidly”. But he believes there is still a place for conventional on-premises implementations - “it’s a matter of ‘fit for purpose’”, he says.

For example, a bank or government department likely runs systems that have been developed over decades and that are linked to specific infrastructure. Since these systems are critical to the organisation’s core function, they are likely to stay on premises. Furthermore, some workloads are not suited to the ‘scale out’ infrastructure associated with cloud implementations, but instead need a ‘scale up’ environment and so tend to be kept in-house.

Public, private or hybrid?

IDC’s research into Australian businesses suggests the hybrid model will predominate in the 2013-2017 period, Oostveen said. Some business-critical/mission-critical workloads will remain in-house, some generic functions such as email and collaboration will continue to move to public clouds, and data centre investments - whether by service providers or for organisations’ own use - will reflect these trends.

“It really depends on your business,” says Donaldson. Public clouds and virtualised private clouds tick a lot of the boxes for many organisations outside the finance, government and similar sectors, and he predicts most businesses will adopt public cloud systems.

Simonsen says the choice will depend on the organisation and the application, and one of the considerations will be how to control access, especially when there’s an extended community of users such as customers and suppliers in addition to employees.

The opportunity presented by a hybrid cloud to ‘burst’ (expand from an in-house cloud to that operated by a provider) in order to meet peak loads is very real, Simonsen says, and is especially relevant to retailers and wholesalers, as they typically experience seasonal peaks and troughs.

All three models are valid, according to Baskerville. Larger organisations are likely to use dedicated private clouds (though not necessarily from their own data centres), but specialist providers with multitenanted infrastructure will also be acceptable providing each tenant has its own application instances. While public clouds will be acceptable for common functions, most enterprise demand will be met from private and hybrid clouds, Baskerville predicts.

Is security an issue? Does cloud put too many eggs in one basket? Or are cloud providers able to hire the best security talent?

Since the hybrid model splits data across multiple systems - on premises, public cloud and hybrid cloud - Oostveen sees it as “putting more eggs in more baskets”.

Oostveen notes the importance of availability, and despite some perceptions that in-house operations provide better availability than cloud providers, he says “I challenge end users who believe this” and observes that there is a correlation between availability and security.

Cloud is not a magic wand, observes Donaldson, so organisations need to be aware of their responsibilities and make good choices. “You always have to be diligent,” but the issues vary according to the services being used and so are very different for an Amazon Web Services customer (which still needs to patch the operating system in use) or a Salesforce.com customer, for example.

Part of that diligence is ensuring that the provider has the appropriate vendor and other certifications, says Donaldson.

“We’re comfortable with a cloud environment, but we’re always vigilant,” he says.

“Security was certainly one of the questions we had [at Pitney Bowes],” says Simonsen, which is why providers such as Equinix have accreditations such as ISO 27001. While security is important, the requirements do not become more stringent just because a system is running in the cloud.

Security is an issue whether an organisation operates its own data centre or runs in the cloud, says Baskerville, but selecting an enterprise-grade provider should reduce concerns.

Larger providers can afford to employ people with high-end security skills, which are not only required by enterprise customers but “would definitely be an advantage for organisations that can’t afford to do it for themselves”, says Baskerville.

For how much longer will data sovereignty be an issue?

“Data sovereignty still comes up as one of the big issues surrounding cloud,” says Oostveen, though it does depend on the sector - for example, the Australian Government mandates local storage of certain data. But he predicts that over time people will become more used to cloud services and the idea of data being stored offshore.

“Customers do worry about where their data lives,” says Simonsen, but he suggests an appropriate approach is to value different sets of data and then make an appropriate assessment of where it should be stored. Naturally, government requirements should be part of this process, but a broad-brush decision to keep everything onshore is probably the result of having insufficient information, he says.

“It’s a complicated issue,” says Donaldson. Organisations need to understand their own business requirements in order to decide the significance of data sovereignty. Think does keep some of its data onshore, as the training it offers to the health sector involves the storage of real patient information.

Baskerville’s personal opinion is that the data sovereignty issue is poorly understood and that “creates nervousness”. While it is a fact that different laws apply in different countries, keeping data in Australia does not mean the government cannot access it