Where does cloud computing fit within your Enterprise IT plans? 
 
 
By Jonathan Shaw, Pace Harmon
 
 

What is Cloud Computing?
Ask five analysts, vendors, or consultants to define Cloud Computing and they’ll likely give five different explanations. Definitions range from the narrow (Internet accessed utility computing) to the very broad (any technology provided outside the firewall – up to and including traditional IT Outsourcing). The one thing these definitions have in common is that they all enable vendors to claim to provide today’s “must-have” offering!
So the first item in determining where Cloud Computing fits within the enterprise is to define what it really is. The closest thing to a standard definition comes from the National Institute of Science Standards and Technology:
“Cloud Computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.”
 

Based on this, the key aspects of Cloud Computing include:
• Services are provided remotely and can be accessed via standard mechanisms and protocols over a network connection.

• Services can be provisioned and configured dynamically on a self-service basis with little, if any, service provider interaction.

• Services are provided in a pooled multi-user model, with dynamic assignment of virtual resources as demand ebbs and flows. Some form of usage-based payment for the services is implicit.
 

It should be noted that the NIST definition describes Public Clouds (resources provided to customers at large, such as Amazon’s Web Services), and/or Community Clouds (resources provided to an industry or business grouping, such as the Federal Cloud Computing Initiative). A third category of Cloud Computing service delivery is Private Clouds, which involve a heavily virtualized enterprise environment that enables improved resource utilization. This memo focuses on the Public/Community Cloud model.
 
 
The NIST definition also doesn’t describe “what” is provided by the Cloud delivery model. Following are the three main Cloud Computing service types:
• Software as a Service (SaaS), where a complete application stack is provided to the customer. SaaS is a mature offering and is increasingly used to deliver critical capabilities including CRM (e.g., Salesforce.com), HR/ERP (e.g., Workday, NetSuite, Concur), Collaboration (e.g., Microsoft Business Productivity Online, IBM Lotus-Live Notes, Cisco WebEx Mail) and IT Systems Management (e.g., Service-now.com, SAManage, Paglo).

• Platform as a Service (PaaS), where a complete environment supporting an application’s development, deployment and operation is provided as an abstracted service. In other words, PaaS is a service that enables the development and/or deployment of custom SaaS offerings. Notable PaaS offerings include Google’s App Engine (for development in Java or any JVM-interpreted language such as Ruby, Python, Groovy, etc.), Microsoft Azure (for developing using .NET, C++, PHP, Ruby, Python, and Java), and Bungee Connect (utilizing its own eponymous object-oriented development language).

• Infrastructure as a Service (IaaS), where discrete infrastructure components are provided as a service—essentially a reprise of utility computing. Amazon is the most commonly cited example, with its Computing (Amazon EC2), Storage (Amazon S3), and Database (Amazon SimpleDB) offerings, but there are many alternate providers including AppNexus, GoGrid, Flexiscale and Rackspace.
 

Why would I use Cloud Computing?
The benefits of Cloud Computing are principally related to the shared resource model, the opportunity to rapidly access these resources, and the ability to buy only what is used (“by the sip”). This contrasts to the significant infrastructure, application and development resource investment required to obtain access to an “enterprise class” offering in a traditional model. In particular Cloud Computing can enable:

Cost Effectiveness, providing the business immediate and economic access to enterprise-class IT services. In a traditional model, access to these resources would require significant capital investment (or large ongoing financial commitments). The by-the-sip purchasing model enables companies with a limited demand access to these services.
 

Scalability, with an ability to respond rapidly to peaks and troughs in demand for IT resources and to pay for only the needed resources when they are needed. In a traditional model, systems need to be architected to support peaks in utilization, leaving costly resources sitting idle for most of the time.
 

Timeliness, with rapid deployment timeframes measured in hours (for infrastructure and/or platforms) to weeks (for software). From sizing and purchasing infrastructure to installation, configuration, and testing, the deployment of enterprise infrastructure and applications is usually measured in months. Cloud Computing services therefore become an attractive option when timeframes are aggressive.
 

Operational Simplicity, achieved through the reduced volume and complexity of technology management responsibilities (particularly for abstracted SaaS or PaaS offerings). With these offerings, many operational responsibilities are provided as part of the service (e.g., facilities, procurement, capacity planning, system and database administration), freeing the business from having to acquire or expand its technology operations staff to accommodate the new technology.
 
 
As a rule of thumb, the operational and financial benefits of Cloud Computing offerings decline as the level of abstraction decreases from SaaS to individual IaaS components (as shown in Figure 1). This is one reason that SaaS is currently, by far, the most commonly considered form of Cloud Computing. Note also that as the scale of the enterprise increases, the benefits of the shared resource model decrease (i.e., large service volumes enable similar benefits to be achieved through virtualization and Private Cloud approaches that can avoid many of the current drawbacks of Public Clouds, such as those outlined below).
 

Why wouldn’t I use Cloud Computing?
In our experience, the most common obstacles to using Cloud Computing services relate to:
 

Business Risk. There are intrinsic risks in making a third-party vendor responsible for part of the business’s key operations and/or service offerings. Even with extensive diligence, ongoing audits, and aggressive management, Cloud Computing still requires a level of trust in the vendor infrastructure and operations. And the Cloud delivery model makes this task more complex; vendor and service diligence was relatively straightforward in a “dedicated” world where each service was located on a particular server. By definition, Cloud delivery limits the commitments that the provider can make to the server, location or even country from which the service is delivered. This also has substantial implications with respect to regulatory compliance (e.g., HIPAA, FISMA, SOX, PCI DSS) and legal (e.g., EU Data Protection Directive, German GDPDU).
 
 
Data Security. Compared to an internal deployment on standardized architecture, it is a challenge to incorporate Cloud services into enterprise-wide data archiving, backup and recovery processes. While some businesses may be content with the vendor’s services in this domain, the issue of obtaining the data in the event of vendor termination or cessation of business operations should still be addressed. And, as more than one company has anecdotally found to its detriment, if the vendor uses a proprietary database format, then the company may not be able to readily utilize the data even if it does get it back.
 

Integration Complexity. While standalone services may have some value, integration is key to enabling end-to-end business processes. Integrating cloud offerings with internal resources (such as Active Directory for single sign on) or other cloud services is challenging. Vendors are starting to recognize and address this issue, with many SaaS vendors developing related PaaS environments to enable development and integration (e.g., Salesforce’s Force.com and VMForce offerings). At the moment, however, an enterprise would need to think very carefully about replacing a discrete application within a tightly integrated architecture with a SaaS/PaaS offering.
 

Inflexibility. The configurability of SaaS offerings is inherently limited because of the “shared” delivery model. The shared platform basically precludes comprehensive changes and an enterprise may not wish to redesign its processes or make the necessary compromises in application functionality. The historic tendency towards customizing applications can be seen in the multi-billion dollar industry that supports deployments of Commercial Off-The-Shelf (COTS) applications. Further, the timeframe to develop and deploy new functionality is outside the enterprise’s direct control, with the business potentially having to wait for a desired capability to be included on the application or platform roadmap.
 

Contractual terms. A full discussion of contractual terms is beyond the scope of this memo, but this is an area that often poses problems for the enterprise. Volume commitments, change fees and minimum terms can significantly constrain the expected scalability and flexibility. Broad vendor termination rights, with little or no notice, and an absence of post-termination assistance, could potentially place a company in a very difficult situation. Performance guarantees and Service Level Agreements (SLAs) are essential when placing anything important in the cloud – and the vendors’ standards are generally weak with broad exclusions. Also, many IaaS/PaaS offerings are focused on the SMB market, with click-through licenses that the provider can unilaterally alter. For example, Amazon’s terms allow it to “modify this Agreement…at any time by posting a revised version of the Agreement” on its website, with the revised terms becoming effective within 15 days of the posting. 
 

So, where does Cloud Computing fit?
Cloud Computing is simply an alternative delivery model alongside other options such as “self-build”, traditional (dedicated) IT outsourcing, and hosting/application service providers. For each function or application to be deployed, companies should evaluate the Cloud solution as they would any other alternative—determining the risks, benefits and comparative Return on Investment (ROI). There is no single answer as to the circumstances where Cloud Computing best fits; in each case the answer depends on the relative importance of the benefits and drawbacks of the Cloud model.
 

That said, Pace Harmon has seen Cloud Computing make financial and operational sense in the following broad areas:
• SaaS solutions to avoid large capital outlays. This might occur when in-sourcing a previously outsourced solution (e.g., deploying a new HR system to replace a terminated HRO agreement) or when facing a significant upgrade (e.g., from Exchange 2000 to Exchange 2007). Operational costs may provide additional savings when the support of a new offering would require development of additional niche capabilities that might be difficult to obtain or integrate within the IT organization.
 

• SaaS to better meet business users’ requirements. Because SaaS is delivered from a shared platform, it is inherently less configurable than a COTS application. Successful SaaS products therefore need to incorporate the majority of typical enterprise requirements out of the box, with a focus on the areas of concern to the business (e.g., reporting). Several SaaS products meet user requirements more closely than leading COTS applications in the space. In customer-centric IT organizations, the strong preference of the business for particular functionality (and the dramatically shortened deployment timeline) may outweigh any disadvantages of the Cloud delivery model. As a side-note, SaaS providers often use this advantage to sell to the business directly rather than to IT, instead relying on the business to promote the product within IT.
 

• PaaS to kick start development projects. This approach works when the multitude of servers required to support the development, staging, regression and testing environments are replaced by a virtualized platform. Alternatively, the enterprise can build its own environments using discrete IaaS components. While the ultimate promise of PaaS is to also support production instances, in our experience customers have been wary to do so and prefer to migrate the application to their own infrastructure when deploying into production. Even when the business chooses to build dedicated development environments for large projects, PaaS/IaaS can still be used to enable an interim development/sandbox environment while such infrastructure is deployed.
 

• IaaS to provide transient capacity. The enterprise can address short-term spikes in demand (e.g., websites with predictable, periodic peaks) by using IaaS to quickly deploy server instances, database capacity, and storage. Amazon EC2 in particular lends itself to this approach with the ability to create and store Amazon Machine Images (“AMIs”), quickly initiate and terminate instances based on stored AMIs, provide root access to each virtual server, and provide persistent storage that survives instance termination. Even if the service is rarely used, having this “burst” capability available enables reduced safety margins in enterprise server capacity planning.
 

Conclusion
Cloud Computing is an evolving model that holds significant promise as a cost-effective option to obtain access to technology resources. Companies should evaluate each opportunity on a case-by-case basis to determine the benefits and disadvantages of a Cloud Computing approach versus traditional self-owned and/or outsourced models. In general, the net benefits of Cloud Computing are less clear-cut for the large enterprise than for the small business and startup segments. However, there are still circumstances where Cloud Computing may be the right solution.
 

Enterprise architects need to be aware of the Cloud Computing offerings relevant to their areas of responsibility and to continue to evaluate them against other delivery models. SaaS is already a credible option for many business applications. Platform and Infrastructure offerings currently have limited applicability for large production environments, but can certainly address transient and non-production infrastructure needs. While it is unlikely that an enterprise would deploy its critical infrastructure in the Cloud today, the sheer scale of investment in this space from leaders such as Microsoft, Amazon, Oracle and Dell suggests that this may not remain the case for much longer.