The move toward cloud computing is glittering with silver linings, according to most computing vendors. And the cloud certainly holds promise, but larger Canadian companies often view it with skepticism. They seem to believe that, as Judy Garland famously said, behind every cloud is another cloud.
According to a Telus survey of IT managers in Canada, adoption of cloud computing among Canada’s larger firms is surprisingly low. Seventy-one per cent of large Canadian enterprises were not open to alternative IT delivery models, the survey found. What’s holding them back, and are they missing anything? Part of the problem could be a lack of knowledge. Almost two thirds of large enterprises surveyed said they didn’t know how to integrate other sourcing approaches into their existing IT environment.
It’s worthwhile outlining what cloud is and isn’t. John Weigelt, national technology officer for Microsoft Canada, points to the definition from the National Institute of Science and Technology (NIST): the cloud is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resource.”
29 per cent of 1,000 people actually said the cloud is
“a fluffy white thing, the sky, or something related to the weather.”
An astonishing 51 percent, including a majority of Millennials,
believe stormy weather interferes with cloud computing.
That definition seems reasonably clear, but when asked by Wakefield Research “Do you know what the cloud is?” 29 per cent of 1,000 people actually said the cloud is “a fluffy white thing, the sky, or something related to the weather.” An astonishing 51 percent, including a majority of Millennials, believe stormy weather interferes with cloud computing.
NIST points out that the cloud doesn’t need to be a vague computing resource hosted in a shady datacentre somewhere. Cloud computing can happen on a customer’s premises. It’s more about the computing model than the location. The key is that the functionality changes depending on which model you use.
Public or private?
Public cloud deployments are probably the best understood. This is where an organization makes cloud computing resources available to the general public, and shares the resources between them. Software as a Service (SaaS) is the best understood model here, and companies like Salesforce and Netsuite have been doing it for years.
“It’s a multi-tenant environment, in which multiple customers share that service but there are levels of isolation to ensure that customers can’t see each other’s data,” says Adi Kabazo, manager of cloud services at Telus.
SaaS may have been the only type of public cloud model on offer in the early 2000s, but things have moved on since then. There are two other types of public cloud infrastructure that offer more flexibility for customers. One is Platform as a Service (PaaS) and the other is Infrastructure as a Service (IaaS).
“A platform is something where you never have to worry about the infrastructure ever again, but it’s completely extensible,” explains Brandon Kolybaba, CEO at cloud consulting firm SheepDog. PaaS users get a set of software libraries and tools that enable them to bolt together software components and customize them into different applications, all based around the same underlying software core. One example is Salesforce’s platform, on which many third-party firms have built applications.
“The future of cloud is that any software that’s extensible through APIs and well documented becomes something that another piece of software can communicate and integrate with.”
While PaaS shields the customer from the underlying computing resources, IaaS exposes them. The most flexible public cloud offering, this model offers customers an array of virtual computing resources. This enables them to manipulate virtual machines and storage arrays in the same way that they would use machines on their own premises, except that these machines exist as virtual resources on someone else’s infrastructure.
Many companies are still spooked by the idea of public clouds. According to the Telus/IDC survey, 85 per cent of enterprises were worried about the security implications of cloud computing. Trust beyond the four walls of IT is limited.
Private cloud is an alternative deployment model designed to address that. In the NIST definition, a private cloud deployment may still be hosted on a third-party company’s infrastructure, but it is a single-tenant system, not sharing computing resources with anyone else.
Private cloud infrastructure can also be located on a customer’s own premises. But then what makes it a cloud-based system? There are several key characteristics that make a computing infrastructure “cloudy.” The ability to pool resources in a virtualized environment leads to rapid elasticity, so that resources available for particular users or applications can be increased or decreased on demand. Users can take advantage of this on a self-service basis, ideally through a portal, and their usage is measured and metered, enabling the IT function to charge back those resources. It’s the long-held dream of a service-based IT culture, writ large.
Drivers for cloud computing
This flexibility is a key driver for cloud computing, said David Brassor, cloud lead for Deloitte Consulting in Canada. He said there are opportunities whether you’re a small firm trying to get an invoicing system running or a larger firm attempting a more complex system.
“It used to take days to stand up a bank of servers for a testing program. What about if you click on a Web site and say ‘This is how much storage I need for the next six weeks’ instead?”
Cost reduction is another driver. “We are seeing some scenarios in which once you layer on start-up costs, the business model isn’t there,” he said. “Depending on the cloud service that you use, you can make that business case work [with cloud computing].”
However, vendors want to see customers get beyond mere cost reduction as a driver for cloud computing. When any new approach to technology emerges—be it as broad as business process outsourcing or as narrow as voice over IP—companies often look for cost savings first. Only when their approach to technology matures do they become more strategic. BPO becomes a platform for enhancing the business process being outsourced. VoIP becomes a strut for a unified communications strategy. Hopefully, cloud computing will become a more strategic platform for customers as they come to grips with it.
Moving beyond cost
One way to do this is to marry cloud with other technologies, such as mobile, said Stuart MacDonald, chief marketing officer of Toronto-based Freshbooks. “We don’t report these numbers publicly but we are seeing many more users accessing our service via mobile devices.”
Using the inherent scalability of a cloud environment can also lead to capitalization of intellectual property that wasn’t available before, said Aldo Gallone, cloud leader for IBM Canada. He looks for opportunities to crunch data with cloud resources that wasn’t easily crunchable before.
“These people may have an application or process that wasn’t easily enabled or sold, because there were barriers to turning it into something that someone would want to buy,” he said. “Whether it’s protein analysis in the biotech world, or data and nuance in any specific industry, it can now be monetized without the customer being an old-style information provider.”
He’s talking about big data, the large data sets that were previously only processable by customers who could afford high-performance computing arrays. This has seeded the landscape with new business models, including social media. “It’s compute power on a payable basis. It allows greater access to those applications, and the ability to have insights from that data,” Gallone said.
Not all perfect
This all sounds very Utopian, but so have most other paradigm shifts in technology. Where’s the downside? Naysayers rest assured: it’s there. “Security is partly the reason that adoption is slower,” said Telus’ Kabazo.
Companies worry about their data being compromised, and in some cases, fret about sovereignty. “How do I ensure that I haven’t had one of my employees post a presentation to Prezi that is viewable by everyone?” Brassor said, citing Prezi.com, a cloud-based presentation service.
It isn’t just crooks and hackers snooping on their data that worries some companies. There are concerns that government can access company files. In the U.S., section 215 of the Patriot Act gives the government enhanced abilities to appropriate data stored on any servers operated by U.S.-based data processors (even if those servers are in Canada). Other governments, including Canada’s own, have laws allowing government agents to access data stored by third-party processors. Lawful access legislation currently being mulled in Ottawa could open that up even further on Canadian soil.
“The reality is that Canadian companies are concerned,” said Albert Silverman, a senior vice-president in PwC Canada’s consulting practice. Even if regulations don’t restrict companies from storing data externally, the market might. “The Privacy Commissioner may say ‘Yes, you can put that data wherever you want’ but they may require you to disclose it to your customers.” Customers may not be happy for privacy or political reasons that their data is being stored in Michigan or Mumbai, rather than Mississauga.
The other issue that may give customers pause is reliability. Putting mission-critical data in a public cloud environment can lead to catastrophe if that infrastructure fails. Cloud advocates may dismiss concerns over security and sovereignty of data, but they can’t ignore the multiple outages experienced by the likes of Google (with Gmail), Amazon (with its EC2 computing service) and Microsoft (with its Office365 SaaS offering) in the past couple of years.
“We’re still seeing large companies leveraging IaaS for things like testing, but they’re being very selective,” Brassor said. Conservative companies may be happy to run development and testing servers in the cloud, but production is another thing entirely.
Get a strategy
All these challenges point to one thing: the need for a cloud computing strategy before you begin. Blindly aiming for cost reduction alone without considering the wider implications could leave you vulnerable to disaster. PwC’s Silverman said his clients fall into different categories. Some equate cloud computing with outsourcing. A second group thinks that it’s an evolution thereof. “Very few understand the revolutionary nature of cloud computing. So all of a sudden, you get a business user making IT decisions who is ill-equipped to make those decisions.”
For example, business departments may try to embrace cloud computing without understanding how it affects mission-critical legacy applications. They may not have the accounting structure to pay a provider on a subscription basis. When businesspeople drive cloud computing decisions without understanding the IT implications, the two can become misaligned.
The smaller and simpler the business is, the less these legacy integration issues may matter. Freshbooks integrates with 70 to 80 other cloud platforms. As long as a business can upload its data in the right format, these integrations are relatively easy. But if you’re an enterprise running a bespoke system for managing field engineers, it may be more difficult to get your business processes into the cloud.
“In many cases, the applications that have been written were constrained by very tightly coupled processes, and to decouple that is a big challenge,” said Microsoft’s Weigelt. So an application transition strategy is important. This will include a value and business impact analysis for all of your applications, to help you understand which, if any, should be transferred to the cloud.
Trust no one?
Customers may need to negotiate with their cloud service providers on security and reliability issues, too. Some cloud providers, such as Freshbooks, don’t provide service level agreements (SLAs) because they’re catering to small business customers with non-mission-critical services. Telus, on the other hand, offers various models of private and public cloud services for enterprise clients, and will provide up-time guarantees of 99.95 per cent on a monthly basis, Kabazo said.
In truth, however, SLAs such as these may be cold comfort for corporate customers should a service go down for longer. When Amazon’s EC2 cloud service failed spectacularly in April 2011 (and again this June), customers such as Netflix and Pinterest providing cloud-based services to their own users were significantly affected. A fail-over strategy between clouds (or between your own data centre and the cloud) can help to protect you, but can be expensive. Not putting mission-critical applications in cloud environments will probably be a default approach for many companies.
Similarly, customers may want to take security into their own hands when working with cloud providers. Security standards specifically addressing cloud computing environments are still in their infancy, and some providers will fall back on broad standards such as ISO 270001 as proof that they’re secure.
The hard, bitter fact is that the owner of the data, rather than the data processing supplier, will be liable in the event of a breach, meaning that it’s up to cloud computing customers to take extra measures to secure their data. Encrypting data at rest in an IaaS environment is a good idea. In SaaS environments that don’t offer encryption, services such as Ciphercloud can provide a gateway that encrypts data before it is sent to the cloud, and decrypt it on the way back.
Listen to some of the more enthusiastic cloud advocates and they’ll have you believe that we’ll all have abandoned our data centres in a few years, and will instead have transformed our IT staff into business analysts. The truth is probably a little more conservative: we will continue to adopt cloud computing, but with Canadian companies often slower to move, and with some applications simply not suitable for such an environment, it will be a long time indeed before all of our computing resources rest happily in the cloud.
The eight facets of cloud computing
Mobile computing is the next big paradigm for enterprise users. Putting software in the cloud can help to make it more accessible from any device.
Collaboration and cloud computing are a natural match, and storing data and application logic centrally opens up numerous possibilities.
Community clouds are built by cloud computing users from different teams or organizations that share their applications. Sector-specific users can also share specialist apps and Web services to build targeted systems.
Depending on your chosen model, you can use more rigid cloud models such as Software as a Service, or tinker at the software framework level. Infrastructure as a Service lets you play with raw virtual machines, which is as flexible as it gets.
The promise of cloud computing is that it can scale to suit your needs. Whether running a private cloud or using a public one, you can take advantage of virtualization’s efficiency to cram more tasks into the same resource.
Integration is a big opportunity in the cloud, but a major challenge, too. Cloud-enabled applications can exchange data—think about how Freshbooks integrates with other cloud-based apps—but this can lead to security and oversight concerns.
Security and reliability are big concerns for potential cloud users. Both external intruders and inside jobs could pose a threat to data. Where in the cloud is it being stored, and how safely?
The cloud encourages faster, more agile software development, which in turn leads to a faster application lifecycle and a more responsive business.
Backbone's Cloud Computing Blog
Cloud computing creating new jobs
Backbone's Resources: Cloud Companies in Canada