Summary : cloud is the future. But it means so many things that it increases the confusion between business people who ask for it and IT ones who have their own vision. The visit of the first IBM Cloud center located in France was a good opportunity to run through things, compare how business and IT people see things and try to answer three questions : what is the cloud, is it made for business or people and are date safe in the cloud ?
Before all I would like to apologize toward my IT audience that will certainly find this post too popularizer and approximate my point is mainly to make things clearer for business people who have been told so often that cloud meant “easy and simple” that they don’t understand why it actually takes more time or find themselves in complicated situations because of the consequences of short term decisions they once made.
I’ve been thinking about this post for a while but the trigger was my attendance at the opening of the first IBM cloud center located in France. Since I had their experts at hand and could benefit from the insights of industry journalists, it was the perfect moment to improve my cloud culture and compare what I heard with situations I often see in most of the companies.
Today, when an intranet, social network or collaboration project start, it’s common to hear “we need to go fast so let’s make it simple and easy and go in the cloud”. And the project owner is often deceived when he learns that it will either take 8 months or that he won’t get exactly what he needed.
The reason is simple : there are so many realities behind the cloud word that all the people involved in the project seldom share the same vision and agree on what they mean. And when they realize their mistake, it’s often too late.
Three different realities behind the cloud
Any cloud-savvy person knows it but most business people should be aware of that. Cloud means three different things.
– Software as a service (Saas) : you pay to use an online application. You need one click to start. That’s what business people are usually sold by vendors.
– Platform as a service (Paas) : you pay for an environment (hardware and software infrastructure, managed services) that will allow you to host and run anything you want.
– Infrastructure as a Service (Iaas) : to pay to use an infrastructure but you to install and manage all the software layer that will make everything work. It’s usually used to make…Saas and Paas work.
It may look a little bit technical even if oversimplified but you’ll see to what extent it can lead to misunderstandings between business and IT people.
The downsides of marketing discourses
As any business people why he wants to use cloud, you’ll get the same answer : “because it’s quick and easy…in only one click I have everything working while if I want to host it internally….”. That’s true in Saas. But the same question always come as the project gets more mature : more customization and integration into the work environment is needed and…that’s not really what Saas applications have been designed for. Saas is to software what the Ford T was to cars : available in any color provided it’s black? “But I was told everything was possible in the cloud”. Yes…but not in this cloud. True in Paas, not really in Saas.
That’s what when a workplace project goes in the cloud, business people think Saas and IT things Paas…what means that business people don’t understand why it takes 10 months instead of 10 minutes.
There’s another misunderstanding when business people say “My IT department does not want cloud solutions”. In fact they don’t want public cloud for security reasons (some being true concern, others being..humm) so they prefer to host the application “at home”. And “at home” sometimes means…a Paas on servers located on servers that are 10 meters away from those who host Saas applications but separated from it from in infrastructure standpoint.
Too technical ? Better understand it to avoid really unpleasant situations where people talking about the same thing but seen from different standpoint focus on their disagreement rather than achieving a solution based on what they have in common.
So this point leads to data security.
Public cloud, private cloud and data security
Seen with business eyes, IT does not like cloud because it lacks security. That’s wrong. IT often loves cloud…when it’s private. Understand that even if the infrastructure and services are “elsewhere”, if it can easily scale, enterprise data are on servers and circulate trough wires that are not shared with any other customer. On the contrary, on a public cloud, everything is shared. This point may look trivial but it’s essential for some applications and kind of data, or may even be a matter of legal compliance in some industries.Â You may think that it may be too much for an intranet or a social networking platform but when the same clouds also hosts the crm, the accounting and HR sustems…it may be more understandable. Here again, business people see their needs while IT needs to think global.
So remember that the problem is seldom the cloud but the way it’s delivered. Saas will always be public, Paas public or private depending on your request.
Interesting point : some customers ak IBM to mix both. That means having a private cloud in which they could have public one : it allows some applications to have dedicated resources, others to have shared ones but the whole being on private infrastructure dedicated to the company. A good means to balance the security and flexibity needs depending on the application.
But in fact, who in the organization should buy the cloud ?
As you have guessed, the purpose of this note is to make business people more aware of IT’s constraints so they’ll all be able to speak the same language and work together to be both successful instead of making small misunderstanding become major issues.
This lead us to a very important point : knowing who should by the “cloud buyer” since we’ve seen that if everybody is dreams of the cloud, not everybody dreams about the same cloud.
Cloud become famous because of business people who saw it as an opportunity to do things quick and good by getting rid of IT’s red tapes with Saas solutions. This can be good for some needs but can become a real long term issue. Let’s take a social network project as an example. Saas made it easy to easily start such initiatives. Bottom line : few initiatives have reached the critical size needed for success and, moreover, social silos multiplied in the organization.
As for the few successful projects, one day or the other they become a part of the works conducted on the future of the digital workplace. Integration in the portal, with business apps, ECMs, SSO, interface redesign….what’s not always easy in Saas. Moreover, frequent upgrades that are a very good thing in the Saas model can become major issues when the application becomes integrated.
Meanwhile, IT people have thought a lot about the cloud too. But more about Paas. While business people wanted to start fast, IT departments took the angle of re-conceiving all the IS. New way of thinking, of delivering and managing all their applications and services. And as we all know…it takes a long time for things to happen quickly….
Last, it seems that some vendors that were very successful by selling to business people only are starting to move backwards. The reason is obvious : as organizations become more mature, they want to de-silo their projects and have a global and unified approach. In the end, depending on the choices that will be made, the IT will be able to block access to what is not in the “official portfolio” anymore.
So buying the cloud is a collective choice. Business people will define their needs and chose what tool fits best, IT will propose the best delivery system and provide business with a short list of “compliant” applications. The real challenge will be to balance the need for immediacy in the one hand, and a need for a global, integrated and coherent strategy in the other hand. There won’t be any one-size-fits-all solution : if you want to start something that is not supposed to last or on a small scope, Saas should be more than good enough, if your purpose is to change the digital workplace, it will take more time and the need for ensuring the continued existence of the platform as well as scalability concerns should lead you to a global project, involving many stakeholders and ending in Paas.
In short, the cloud should not be seen as a way to escape from the corporate IT but as the result of a collective work aiming at preparing the future.
Patriot act and legal risk
Once dealt with data security from a technical standpoint, the focus quickly moved to legal security, mainly regarding to the Patriot Act which is seen as a major concern in Europe. Organizations mostly fear two breaches : one related to data physical location, the other on the nationality of the company that operates the cloud environment.
As for the physical location, this is exactly why IBM decided to open this cloud center in France. So any company can decide to have their data hosted in France (or in any of their 7 centers).
As for the nationality of the company, the center has been entirely funded by IBM France which is a french company that works with french customers according to contracts subjected to french laws. This was confirmed by IBM customers during the event : they don’t see any major issue here. But they raised a third potential breach many companies don’t seem to be aware of. As a matter of fact the Patriot Act does not apply regarding to the nationality of the company only but also to the nationality of any employee working on the project.
In other words, if an US employee works on the project he makes it vulnerable from a legal standpoint. So a customer said having stated in the contract that no person having the US nationality could be involved in the execution of the contract.
That’s not trivial at all when we see so-called sovereign cloud initiatives multiplying. Even operated by french companies, even state funded, even physically located on the french territory, the presence of any US citizen makes data as vulnerable as if they were hosted by an US company in the USA. Worth being known..
But customers seems to be all agreeing on one point : the Patriot Act is not a major concern. What matters is the security and privacy of data so it’s more a private/public cloud decision.
One thing we can be sure of : cloud is “as a service”.
In the end, the cloud can take so many forms that this generic name causes a lot of confusion. Could be only agree on the fact that “cloud is flexible and hosted ‘elsewhere'”. Not even : you could have your own cloud installed “at home” : that’s what AT&T did.
So..what remains ? Flexibility, scalability, speed… So, what we can be sure of is that what defines cloud is service.