By: Clive Longbottom, Head of Research, Quocirca
Published: 21st November 2012
Copyright Quocirca © 2012
At a recent Dell roundtable event on the future of cloud computing, the discussion centred around how cloud was not being adopted wholesale by many organisations yet. Various reasons were put forward, such as fear of change, fear of losing control, security issues and so on. A little while later on, several people were pushing the case for cloud around its capability to enable innovation.
Sure, cloud computing can provide a different way of doing things and can encourage a completely different way of facilitating business process – but if this is pushed as the main way that cloud works, then surely all that is happening is that users will be put off more? If fear of change is a factor to scare organisations off from using cloud, then moving critical business workloads to a relatively unproven emerging platform AND changing the way the application runs has to be enough not only to put the techies off the change, but also the business?
The view put forward by Quocirca was that organisations could start with a low-risk approach. If base level workloads such as file and print, email, payroll and so on were taken and moved onto a cloud architecture where resources could be shared in a flexible and dynamic manner, organisations could see that cloud worked and was ready for the higher level and more complex workloads.
At this stage, mayhem ensued. Several cries went up that this was just virtualisation, and not cloud. Why? Because it did not have self-service.
OK, the National Institute of Standards and Technology's (NIST) definition of cloud boils it down to 5 mandatory capabilities for cloud – broad network access, resource pooling, rapid elasticity, a measured service – and self-service. But just how important is self-service at a corporate level?
When salesforce.com first came to prominence, the biggest issue that Quocirca heard from organisations was that users were signing up to the service off their own bat, without involving IT. Therefore control was lost and new islands of functionality and data were being created that harmed the overall effectiveness of the business. In this case – and many others where externally sourced functions were easily available, such as Dropbox, self-service was a problem, not an advantage.
For simple reasons of governance risk and compliance, organisations need control over what their employees, consultants, contractors and partners can provision to themselves. Rules need to be in place and means of dealing with exceptions. NIST does not cover this in its definition, and therefore, Quocirca believes that it is too simple and is therefore flawed.
Let's look at it a different way: if a platform is connected to the internet, then it has broad access – even if there are then systems in place to ensure that only select users can get through to it. If it uses shared resources, it may just be virtualisation. Even if measurement tools are in place to audit and present reports on usage, it may still only be virtualisation. If the resource pool that is made available through virtualisation can be applied dynamically to the workloads, then this is pushing the capabilities of virtualisation. Does the lack of self-service stop such a dynamic platform from being a cloud service?
If we take the dynamic resource platform and layer tools upon it, for example Remedy, such that a user can raise a ticket to request that a service is made available to them, and the actions to do this are all automated, does this then make the platform a true cloud? If so, then something is wrong, as the self-service is not part of the platform itself – it could well be served by Remedy running on a separate physical server, yet Remedy allows for highly granular control over how services are allocated and provides a solid audit of what was done where and when.
If cloud is going to more rapidly adopted, then low-risk use cases are going to be needed to be demonstrated to the mainstream organisations. Trying to get them to move mission-critical enterprise apps from a known, already well-managed environment to one where they have worries is not the way to do it. To then quibble over whether a platform is cloud or not just because a user cannot automatically demand 14ZB of storage and 43 different email addresses is not going to help.
If the platform provides elasticity of resources for multiple different workloads and is connected to a broad group of people, then as far as Quocirca is concerned, it is cloud.
Oh – and for the purists, then sticking to the letter of the definition means that "private cloud" can never exist: it does not come under the necessary "broad network access" definition.
We have not received any comments against this entry. Why not be the first?
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761