CSC this week hosted their EMEA Industry Analyst summit; Innoventure, in Paris. It was never quite explained what exactly an innoventure was but it sounds like a cross between innovation and adventure so perhaps it is like inventing something while dressing up in swashbuckling clothes. This potential for glory mixed with a lack of clarity unfortunately extended also to CSC's cloud strategy, which the vendor struggled to convincingly explain.

Like several other vendors, including cloud enabling infrastructure providers like VMware, Microsoft and CITRIX, CSC recognises that there are a number of potential approaches to implementing the cloud architecture. CSC refers to cloud architectures implemented for single tenancy within an owned (or internal) datacentre as private clouds, and internet hosted multi-tenancy external models as public clouds. The company uses the term hybrid clouds to refer to the mix of internal and external clouds that is really most likely to occur in a production, enterprise environment. While other vendors will interchange the terms "private" for "hybrid" while using "internal" where CSC uses "private", CSC's story is pretty much so far so good.

Where it all began to get a lot less clear was when CSC went on to explain that the internal cloud architecture was actually a simple extension of the existing datacentre architecture and therefore something that CSC has actually been doing for decades(!). Furthermore, internal, or in CSC's parlance "private" clouds are in fact "legacy". June 23rd 2009 thus goes in this writer's diary as being the date on which the first use of the term "legacy cloud" was heard. No doubt we will soon hear of "Cloud three-dot-oh" from some overly keen brand hack.

Moreover, CSC states that the driving philosophy behind their cloud strategy is "If we're going to be disrupted, we may as well disrupt ourselves", inferring a forward looking and proactive strategy. However, in relation to the question of how they see adoption of cloud architectures in the market playing out they state, "The market will decide and we will track the market direction and speed (before deciding on our own strategy)." As any backseat driver knows you either need to climb into the driver's seat and grasp the controls, or you ought to stay in the back and be gracefully taken wherever the vehicle is headed—trying to steer from the comfort of the rear is however just distracting to everyone concerned.

All of which is disappointing, especially given the outsourcing vendor's clear strength in underlying datacentre infrastructure, courtesy of their extensive portfolio of global and high capacity computing estate. The vendor has no shortage of processing capacity, IT skills, IT enabled business transformation acumen, and a track record of delivering innovative projects to the likes of Zurich Insurance, British Post, SNCF and long list more. Having thus helped disrupt others in a positive way, they might therefore reasonably be expected to demonstrate more real progress toward "disrupting themselves" than they currently show.

The one bright indicator of CSC's intent is their push for use of the Security Content Automation Protocol (SCAP) as a method for advertising the security and trustworthiness of a cloud based service. SCAP provides for 15 assertions related to security state, and CSC intends to be able to assert capability in all 15 areas. whilst encouraging the use of SCAP as a de-facto standard across the ICT industry for deploying trusted cloud computing services. SCAP assertions can be consumed automatically by a potential cloud services customer, thus providing an initial and ongoing statement of security capability and state, which could furthermore also be tied to a SLA via contractual terms. CSC's intended reliance on SCAP demonstrates that at least from an info-sec point of view, they have a firm grasp of the minutia involved in actually delivering cloud architecture on a workable basis for the enterprise customer.

CSC's biggest problem in navigating a successful path around cloud will be to pay the same level of attention to detail to their overall cloud services go-to-market strategy as they are demonstrating toward the details of cloud security and trustworthiness. Cloud is more than technology architecture, it is also a shift in the customer relationship management, in the billing approach, and in the range of services of potential interest to the customer. CSC's stated intention to "disrupt themselves" is currently likely to be achieved only through inattention to the need to formulate and execute a joined up strategy. Hardly innovative, and hardly a swashbuckling adventure for CSC's shareholders and customers.