Next in the Cloud: Prepackaged Services, Smarter Security, Shared Liability
Advanced cloud computing customers, and providers, are moving beyond the first conversations around security and cost to more sophisticated models of virtual compute, storage and network resources delivered over the Web. These include tested and reliable “productized” cloud services, detailed conversations about how much security is “enough” for specific cloud services in specific industries, and even new models for sharing liability.
But reaching this next level of cloud value will require new thinking from both cloud providers and customers. That was the subject of a Q&A I did recently with backup vendor eVault’s “Expert’s Corner,”, based on recent stories I’ve done defining a cloud security checklist and exploring, whether and where, there’s a cloud silver lining for outsourcing firms. (Editor’s note: Please disregard the “BS” before each of my answers. Ouch!)
i365: In your blog, you note that customers are demanding “more ‘productized’ cloud services that can be rolled out in a predictable, consistent way” and that providers are increasingly delivering commoditized services. There are obvious advantages to this trend from both the customer and provider’s standpoint, but do you foresee any drawbacks to the growth of this “pre-tested, pre-integrated, and pre-priced” service model? What will the better service providers to do ensure quality is not compromised?
BS: The key success factor here is how well both the cloud vendor and the customer can identify which services are actual “commodities” and can be delivered (and purchased) as a “black box” without customization or configuration. Vendors need to do the right amount of market research to understand which services are common enough that a critical mass of customers will buy them, and that can be cost-effectively packaged to run on the most common hardware and software platforms. It is also, of course, up to customers to look “under the hood” enough to assure they are getting the services they need (including reliability, performance and up-time.) Even in “commodities” such as notebook computers, cleaning services and payroll services, not all providers are created equal. The best service providers will base their services on industry standard “best practices” such as those from ITIL, and will test them under real world loads. This may raise costs, but you get what you pay for, even in commodity services.
i365: Your “Cloud Security Checklist” in Computerworld reflects the need for dialogue between cloud customer and service providers. To what extent do you think these dialogues take place?
BS: My guess is that it happens fairly often, and around fairly specific metrics, with the larger customers who already have security standards and processes. Smaller firms who themselves lack strong security policies or skills are more likely to trust either the service provider to ensure “good enough” security, or trust the provider’s larger customers to demand a level of security that will protect smaller customers also. This is risky – every customer should understand their individual “must haves” in security protection (especially around areas such as protecting customer data, or assuring critical regulatory compliance) rather than trust either the vendor or its larger customers.
i365: You note that security “remains the big bug-a-boo supposedly scaring the biggest enterprises from the cloud.” Do you foresee data security as remaining one of the biggest challenges in cloud computing? How will the issue of data security change over time?
BS: From my reporting, the biggest challenge is for cloud providers to explain that adequate levels of security are as possible in the cloud as within the enterprise, as long as the provider uses the proper technology AND processes. Customers, for their part, need to understand how much risk they are running by providing their own security, and that the issue isn’t public cloud vs. private cloud, but understanding and addressing the most critical risks.
Over time I see the focus shifting to the specifics of how security is implemented, and how it relates to business needs, rather than whether it is implemented in a public, private or hybrid environment.
i365: You also comment that there is “a lot of opportunity for differentiation and innovation as the cloud matures.” What key trends do you think cloud providers will continue to innovate and differentiate around?
BS: They include:
1) Specialized offerings for vertical markets, built with an understanding of the specific needs of say, retail vs. financial services vs. industrial customers.
2) Innovative models for handling liability, which in many cases service providers now push back to the customer. For example, a group of large customers in financial services may pool their business and steer it to a large (even semi-captive) public provider who can, by also pooling the risk, assume the liability for security breaches at an affordable level.
3) A move to provide not only IT services (such as servers) or applications (such as CRM) but also full-fledged business services, such as accounts payable or invoice management. This is a way for business process outsourcers to move into the cloud market and, potentially, into higher value-add services.
4) More real-time reports and analysis for the customer of where their data is being processed and stored, especially for those (such as in the EU) who face geographic limits on where they may store their data.
5) And, finally, a greater variety of offerings, ranging from “black box” services for customers who only need a given level of performance and uptime, to more configurable services for customers who need to, for example, control server or storage configuration for compliance or security reasons.
i365: Thanks Bob.
If you’d like to discuss how to communicate your thought leadership on cloud to the market, email me or call at 781 599-3262.
Filed under: Tech Trends
Like this post? Subscribe to my RSS feed and get loads more!