
Factors Shaping the Future of Cloud Computing

By Steven Francis
BA University of Washington, 1995

SUBMITTED TO THE MIT SLOAN SCHOOL OF MANAGEMENT IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF BUSINESS ADMINISTRATION AT THE MASSACHUSETTS INSTITUTE OF TECHNOLOGY

JUNE 2011

© 2011 Steven Francis. All Rights Reserved.

Signature of Author: ____________________________________________________________________ MIT Sloan School of Management May 6, 2011

Certified By: __________________________________________________________________________ Professor Michael Cusumano Sloan Management Review Distinguished Professor of Management Thesis Supervisor

Accepted By: __________________________________________________________________________ Stephen Sacca Sloan Fellows Program in Innovation and Global Leadership Program Director

Steve Francis, Sloan Fellow 2011


Factors Shaping the Future of Cloud Computing


By Steve Francis Submitted to the MIT Sloan School of Management on May 6, 2011 in partial fulfillment of the requirements for the degree of Master of Business Administration

ABSTRACT

Many different forces are currently shaping the future of the Cloud Computing Market. End user demand and end user investment in existing technology are important drivers. Vendor innovation and competitive strategy are also important determinants of what cloud solutions will look like in the future. Regulatory requirements, although they are not intended to, also play an important role. Finally, the constant pressure on Information Technology departments to provide everything as a business service has perhaps the most profound influence. When investigated and viewed together, these factors provide powerful insight into how the Cloud Computing market is likely to evolve.

Thesis Supervisor: Professor Michael Cusumano
Title: Sloan Management Review Distinguished Professor of Management


Table of Contents

1. Objective
2. Introduction
3. Background and Definitions
4. Cloud Enabling Technologies
   4.1. Provisioning
   4.2. Virtualization
   4.3. Software Appliances
5. The Market Today
6. History of Cloud and Shared Services
7. Cloud Market Forces
   7.1. Infrastructure As A Service
   7.2. Platform As A Service
   7.3. Software As A Service
8. Customer Specific Forces
   8.1. Virtualization
   8.2. Cloud Management and Provisioning
   8.3. Privacy and Security
      8.3.1. Identity Federation
      8.3.2. Security Responsibility
   8.4. Regulatory Requirements
      8.4.1. Labor Laws and Labor Influence
      8.4.2. Net Neutrality
      8.4.3. State Data Privacy Laws and Regulations
      8.4.4. Federal Data Privacy Laws and Regulations
9. What Customers Did Not Say
10. The Role of Standards
11. Conclusions
   11.1. Consolidation vs. Sprawl
   11.2. Valuation
   11.3. Partnering for Service Delivery
   11.4. Regulatory Landscape
   11.5. Speed of Change
   11.6. Platforms Will Prevail

1. Objective

The objective of this thesis is to examine forces that have influenced and continue to influence the cloud computing market in order to gain predictive power over how this market might evolve. These forces can be categorized as follows.


1. The History of the Market
2. Current Market Composition and Landscape
3. Vendor Innovation and Strategy
4. Customer Preferences and Concerns

By understanding these forces we can hopefully better understand where the market will go, including what cloud based solutions will look like in the future and the value that customers will receive from them. Although government forces are not addressed separately here, I will address this as part of the customer discussions, and throughout the document.

We will begin with some definitions in order to put the paper in context, review some market history and the evolution of cloud technology, and will then move on to a snapshot of the industry today. This will include a review of some vendor solutions and technologies. Next we will take a close look at customer requirements and preferences, based on extensive customer interviewing. Finally, I will address how standards might shape the market and will investigate a couple of specific technologies, and will then move on to conclusions.

2. Introduction

The amount of written material dedicated to the definition of cloud computing will be limited, since much has been written on this already. A common definition has emerged for cloud computing and can be summarized as follows: Internet based services for software applications, software platforms or hardware that are usually paid for by subscription. These services are elastic, pay per use, multi-tenant, and managed by a 3rd party so that customers need not worry about hardware specifications, administration or software licenses.

This description, and cloud computing in general, has a lot of jargon, so I will explain a few important concepts to help clarify. Because the preceding definition may be somewhat confusing to those outside of the IT field, it is worth pointing out some of the practical advantages for organizations that use cloud based technology. They do not need to purchase or wait for physical hardware to arrive. No software installations are required. No system configuration or performance tuning is required. Capacity planning becomes fairly unimportant. Expenditures for hardware upgrades/refreshes are eliminated. Costs rise directly in line with usage, eliminating large unplanned purchases for more capacity. Under capacity and over capacity problems are eliminated. It is for these reasons that there has been so much enthusiasm about cloud computing. You may have noticed that most of these benefits sound exactly like benefits from purchasing software over the web. This is true, although cloud encompasses far more than just web based software.

3. Background and Definitions

Software As A Service (SAAS) is software delivered over the internet, typically via a web browser, that provides end user business functionality such as HRMS (Human Resource Management System), ERP (Enterprise Resource Planning) or SFA (Sales Force Automation). NetSuite, Workday and Salesforce.com are examples of SAAS vendors. SAAS solutions are typically paid for on a subscription basis. Technology research firm IDC reports that SAAS, or cloud based applications, accounted for more than half of public cloud revenues in 2009. Over the next four years, all segments of the as-a-service market are forecast to exhibit strong growth, although applications are forecast to drop to one-third of as-a-service revenue, while expenditures on PAAS and IAAS are forecast to increase (6).

Platform As a Service (PAAS) is software delivered over the internet, which other software applications can be built on. Such platforms may provide easy to use frameworks for rapid application development, as well as reusable objects and services to speed the creation and delivery of new software applications. Examples of reusable services are email capabilities, calendar capabilities and contact lists. Such applications, once created, will be hosted with the service provider. Examples of PAAS solutions are Microsoft Azure, Salesforce.com's force.com platform, Google AppEngine, Bungee Connect, IBM LotusLive and Amazon Web Services.

Infrastructure As a Service (IAAS) typically refers to hardware that is hosted and accessible via the internet. This includes storage, memory, network capabilities and processing power. Rackspace, Amazon EC2, Zumodrive, Drop Box, HP and IBM Computing on Demand are examples of IAAS solutions.

Even though SAAS has accounted for more than 50% of public cloud expenditures so far, it seems likely, and congruous with IDC's forecasts, that future investments will become more balanced across different as-a-service offerings. One reason for this is that a continuum of complexity exists from SAAS, to IAAS to PAAS (figure 1). SAAS solutions are the least complex, and involve the least amount of vendor lock-in and overall investment along this continuum. PAAS solutions are the most complex, and represent the highest level of vendor lock-in. For these reasons, it is not surprising that adoption of as-a-service technologies looks like a pyramid, with SAAS at the bottom, representing the broadest adoption, and PAAS at the top, representing the smallest adoption. This is consistent with the adoption pattern of most technologies, where the least risky solutions are adopted first and then later, after the lower risk technologies are proven, adoption advances to more sophisticated solutions. This is also consistent with how vendors have innovated. The leading SAAS vendor, Salesforce.com, was founded in 1999. Next, Amazon.com, the leading vendor in the IAAS market, launched their services starting in 2006. Finally, Microsoft and Google launched their respective PAAS offerings, Azure and App Engine, in 2008.


Figure 1

Pay Per Use

Perhaps the most important characteristic of cloud computing is that resources can be purchased on a per use basis. Customers no longer have to buy quantities of hardware, software and other computing resources to match times of peak use. Customers using cloud technology no longer need large data centers full of expensive hardware and software that have an average utilization of 10 to 15 percent. Cloud vendors will run the hardware and/or software and utilization becomes their problem. Vendors can achieve higher levels of utilization by mixing workloads and using virtualization technology, which is transparent to customers. Customers can scale their use up or down on an as-needed basis and they only need to pay for what they use. The following graphic (figure 2) illustrates the savings (shaded) that might be achieved from adopting cloud technologies that are pay per use vs. running all computing resources in a dedicated corporate data center.

Figure 2

Elastic

Elastic computing resources expand when needed. This concept is closely related to pay-per-use, although elasticity is more of a technical concept. Elasticity is a system's ability to automatically provision more resources when needed, whether it is storage, memory or other resources. Traditional IT assets that are hosted on-premise are not elastic. For example, an IT shop might have a software license that allows them to run a database program on a two CPU machine. This would also require a two CPU machine to run this software on. If this system ran out of capacity it might require repurposing or throwing away the old machine, buying a new bigger machine and additional software licenses for the new bigger machine. With software purchased as a service, if the user load increases, the vendor provisions more resources as needed and the customer does not even need to know about it. They are just billed for the additional use. Elasticity, or provisioning additional capacity in an automated and efficient manner, is one of the qualities of cloud computing that makes it so compelling.

Multi Tenant

Multi tenant resources are resources that are shared by more than one party. For example, a software application that supports users from multiple companies, within the same database schema, where data is kept separate through primary-foreign key relationships, would be considered multi tenant. Or, a machine that has multiple virtual machines running on it, each with its own operating system, database and platform software stack, would be considered multi tenant. Multi tenancy can be achieved in a variety of ways and multi tenant resources may be found at any layer of the IT stack. Multi tenancy is typically of much greater benefit to the vendor or service provider than it is to the customer. Multi tenancy allows vendors or cloud service providers to achieve high levels of efficiency and utilization. Theoretically, customers should not care whether a cloud application is multi tenant or not, as long as their service levels are met. However, due to legislative, privacy and security issues, they often do care, and I will explore this more later.

On Premise

Infrastructure or software that runs in a data center or facility owned by the entity using it is considered on premise. This is the traditional computing model.

Off Premise (hosted)

Infrastructure or software that runs in a data center or facility that is not owned by the entity using it is considered hosted or off premise. Cloud resources are hosted, or off-premise.

Public Cloud

A public cloud is any cloud as-a-service solution that is hosted by a vendor that supports multiple customers. IDC predicts that by 2014, public cloud-related projects will account for one-quarter of net new IT product spending growth (7).

Private Cloud

A private cloud is any cloud infrastructure or software that is hosted in a corporate (or government) data center that supports internal customers. Such customers are typically different departments or groups of employees within the same organization.

Hybrid Cloud

A hybrid cloud is a combination of private and public clouds. Increasingly, it is likely that more cloud environments will be defined as hybrid. Hybrid clouds are characterized by services that may be delivered to the end customers either by an internal IT group, or by 3rd party cloud service providers, depending on which makes the most sense in terms of cost, control, privacy/security and other factors. The end user likely has no idea where the services he is using originate from.

4. Cloud Enabling Technologies

4.1 Provisioning

Workflows and processes that define how services are deployed to new or existing customers are commonly called provisioning processes. Provisioning processes exist for adding a new customer, adding a new service for an existing customer or removing a service from an existing customer (de-provisioning). Provisioning processes must include both technical and business functions. New customers must be set up for billing and invoicing, and they must also be provided with the services that they ordered, which includes system resources, security credentials and instructions. Cloud customers are also typically given the ability to perform some level of customization to the services they receive. Examples of such customization are as follows:

- Adding configuration information to integrate with a corporate directory such as Active Directory, or another LDAP directory
- Performance and service level options
- Backup and recovery options
- Encryption options
- Changing fonts, colors, logos or other branding information

These are just a few examples of customizations that might be part of a provisioning process. Deploying services to new customers quickly and easily is part of what makes cloud computing so attractive. Generally, provisioning of cloud services tends to be more automated than with traditional services. This is because multiple customers may be supported, which makes repeatability, and investments in automation for customer on-boarding, very important.

4.2 Virtualization

Virtualization, or server virtualization, makes one machine look like many machines. It enables the simultaneous operation of multiple operating system environments on a single machine. Each environment appears to be a unique physical machine. Virtualization is an extremely important concept in cloud computing. It is a key enabler of cloud infrastructures. During my cloud customer interviews, when I asked customers which vendor was most important to their cloud strategy, each customer cited their virtualization vendor, without exception. Although virtualization is not a cloud technology per se, it is one of the main enablers of cloud computing.

Server virtualization is enabled by the use of Virtual Machines. Virtual Machines have a management layer called a hypervisor that enables the core virtualization functions. There are two types of hypervisors, Type 1 and Type 2. Type 1 hypervisors run on bare metal and enable the provisioning of virtual machines at the hardware layer. Type 2 hypervisors run on a host operating system (2, Rhoton, pg 39).

Thanks to virtualization, when a SAAS vendor wants to provide service to a new customer, it can be as easy as making a new copy of a virtual environment for this customer, and providing web based administration tools to the customer so that he can make customizations to the environment on his own. No lengthy installation or set up processes are required. Although it has less to do with virtualization, and more to do with service provisioning, the procurement process should enable the selection of options and basic customizations at the time of purchase. These choices should be reflected in the customer's billing and in the virtual environment that is provisioned to him.

There are many types of virtualization, and most are useful to cloud service providers (CSPs), be they public or private cloud service providers. In addition to virtualization of servers, network resources, storage and desktops, it is also possible to virtualize clusters of machines. This enables multiple servers to look and act like a single server. For example, Oracle provides technology to virtualize their database software and middleware software in this way. They can make 4, 6 or 20 database servers or application servers look and act like one big database server or application server. This enables customers or CSPs to use many pieces of inexpensive hardware to run many large workloads simultaneously, and it also provides a high degree of fault tolerance and availability (4). This affords CSPs a great deal of flexibility. CSPs can either dissect a single machine into multiple smaller virtual machines, or they can put multiple machines together to look like one very large machine, which can then run multiple simultaneous workloads. With respect to running an automated as-a-service data center that supports many different customers, such flexibility is very powerful and creates compelling economies of scale. Without powerful tools to support administration, monitoring and provisioning, however, such sophisticated technology can be very difficult to manage.

4.3 Software Appliances

Some special focus should be given to software appliances, as an important and emergent cloud enabling technology. Software appliances for data warehousing have been around for years. Netezza (now part of IBM) and Teradata have done well in this market for quite some time. A software appliance is just what it sounds like. You plug it in and it works, like a refrigerator, or that's the idea anyway. There is no installation and very little configuration, performance tuning or administration. There are also hardware appliances and other types of appliances. Many newer appliances take advantage of virtualization software to quickly stand up new environments with a high degree of isolation, which is important for CSPs and their customers.

Oracle's Exadata is especially worth notice because, in effect, this is Oracle's cloud strategy. Growth of Oracle's appliance solutions has been explosive (31) and could approach $2 billion in the next two years. Oracle already provides database and middleware software via appliances. In the future this approach will likely extend to applications, and possibly Oracle's entire software stack. This is truly a new way to deliver value to customers. Oracle appliances have best of breed hardware and software, designed to work together, pre-configured and optimized based on best practices. This significantly cuts down on the number of vendors required, the number of moving parts and the total deployment effort. Virtualization technology makes such solutions easy to provision to new customers, whether over public or private clouds.


5. The Market Today

Most likely, cloud computing is slightly past its apex of the Gartner Hype Cycle (1). Gartner calls this apex "The Peak of Inflated Expectations." The Gartner Hype Cycle (Figure 3) shows the trajectory of market enthusiasm for technology. It is characterized by a steep rise to a peak, and then a sharp decline as over exuberance gives way to failures and disappointments. Next, as users begin to adopt the technology in more sensible ways, enthusiasm increases again, but at a more gradual pace than before. Even though growth rates may be slowing with as-a-service solutions, they are merely slowing from light speed to super-sonic speed. In 2008, IDC forecast that spending on cloud computing services would reach US$42 billion worldwide by 2012. This was approaching a three-fold increase from 2008 levels of $16.5 billion (8). More recently in 2011, IDC forecast that from 2009 to 2014, U.S. public IT cloud services revenue would grow 21.6%, from $11.1 billion to $29.5 billion (6). Although these forecasts are not directly comparable, they seem to indicate diminished (although still very high) growth expectations.


Figure 3

The amount of hype around cloud computing harkens back to the heady days of 1999 when fundamental corporate valuation ceased to matter, and people imagined that cost structures and profit margins would structurally improve for any company that intelligently used the internet. It has even been said that the cloud is more important than the web (5). Such enthusiasm is admirable but is comparable to saying that the invention of taxi cabs was more important than the invention of the internal combustion engine and the entire automobile industry. Fortunately, this time around it has mostly been technology journalists that have gotten carried away with heightened expectations for the cloud computing market. Many of the executives at cloud vendor and cloud consumer organizations are the ones that survived, and learned painful lessons from, the dot com era. Many of these executives have avoided most of the over building and over investing that characterized the technology industry in the late 1990s.

6. History of Cloud and Shared Services

There have also been many histories written about the evolution of cloud computing that trace cloud ancestry from timesharing on mainframes, to the PC revolution, to internet hosting companies, to application service providers (ASPs) and ultimately to the cloud. This history is largely accurate, but incomplete.

What is missing from this picture is the evolving role of IT organizations as service providers, or as vendors to internal customers. 20 years ago IT organizations were largely viewed as necessary evils, cost centers, the equivalent of yesterday's typists and bookkeepers. As the importance of Information Technology increased, and it became apparent that IT strategy could lead to business differentiation in terms of speed, efficiency, responsiveness, customer service and agility, interest from other executives grew. As executives better understood the potential, they wanted and expected more. They wanted more control, and they wanted to be treated more like customers. After all, their division kept the lights on and kept the money flowing. Sure, technology was important, but it was there to support and enhance the core business. This ultimately led to a trend called Shared Services. Shared Services allowed service providers within an organization to provide the services that are expected of them as elective services, similar to how vendors provide services. Since the vendor was an insider, however, there should be advantages and economies of scale to keep costs low. Shared services are a way to achieve greater accountability and business alignment from IT. Shared services can be established not just for IT, but for other internal service delivery organizations as well, such as HR. Shared services are a way to define expectations, service levels, communication, costing and accountability. Today over 80% of the Global 2000 largest companies receive back office support from either an internal or an external third party Shared Services Organization (3).

Around the same time that Shared Services were becoming mainstream in IT departments (1999-2000), web services also began to gain traction. Web services are a set of technology standards that enable the creation of software in a way that is reusable, and in a format that is agreed upon by everyone. The technology was in perfect alignment with the concept of shared services. The confluence of these two trends led to another manifestation of the Gartner hype cycle, which led to many impetuous and unsuccessful web services and shared services initiatives.

Many of these failures occurred not because the ideas and the technology were bad, but because IT governance was lacking. In many early failures services were often created at a level of granularity that was not practical and too much control was given to the service providers instead of the service consumers. Still, the focus on services makes sense, and is completely aligned with the advantages of cloud computing. Today, Shared Service Organizations typically provide savings on the services that they deliver of between 15-30% (3).

Web services, shared services, and the three pillars of cloud computing (Software-as-a-Service, Infrastructure-as-a-Service and Platform-as-a-Service) all share similar heritage. They exist because customers, whether internal or external, want to be empowered to chart their own course with respect to the services that they need. Customers want choice, ownership and speed. Service delivery mechanisms such as SAAS, IAAS, PAAS, shared services and web services all help to enable this. Hybrid clouds, web mash-ups and service delivery models that combine services from internal and multiple external sources will be increasingly common as a result.

7. Cloud Market Forces

All markets are conceived by interactions between vendors and customers, buyers and sellers. Vendors respond to a customer need, demand or problem with some kind of solution. Sometimes, however, vendors may see a customer need in advance and create a solution in anticipation of a market movement. Other times, customers practically have to bang on their vendor's table and shout their needs to them. Customers often want their vendors to provide solutions that are portable, standardized and that work nicely with what they already own. On the other hand, vendors often want to create solutions that are sticky, and will create some level of lock-in. These dynamics change over time. Early innovation in a market often comes from visionary and creative people. Years later, after significant customer adoption and the emergence of competitors, innovation in this same market might be led by specific customer demands. For these reasons, the sources of innovation may be an indication of what stage of maturity a market is in. This tug-of-war between vendors and customers will largely determine the trajectory of innovation. Incongruous incentives between vendors and customers may be called an agency problem, or principal-agent problem, or a moral hazard problem. Whatever it is called, these forces are currently unfolding in dramatic fashion in the cloud computing market.

Professor Arnoldo Hax's Delta Model (14) is well suited to help describe this tug-of-war phenomenon, both in terms of where the cloud market is today, as well as where it is likely to go in the future. Professor Hax's model (figure 4) is a powerful model that is intended to be used by companies (or their consultants) to develop or refine a go-to-market strategy. The Delta Model is highly customer focused, and emphasizes customer bonding as the pinnacle (literally) of effective strategy. The great power of the model is its primary emphasis on the customer, and how to deliver value to the customer. There are 3 primary positions on the Delta Model.

1. Best Product: This position, on the lower right of the Delta Model, is characterized by the features and functions of the product offered. Demand for a product is highly price elastic at this position of the Delta Model. Products in this position are highly commoditized.

2. Total Customer Solutions: This position, on the lower left of the Delta Model, is characterized by greater solution breadth and/or greater solution differentiation. Solutions at this position of the Delta Model do not require the same amount of price competition as products in the Best Product category would require. Total Customer Solutions will be more closely aligned with customers' business needs, but typically lack the trust and close collaborative relationships that are characteristic of System Lock-In offerings.

3. System Lock-In: This position, at the top of the Delta Model, is characterized by tight customer bonding. Such bonding is often the result of collaborative relationships, high levels of trust, partnering and a vendor's ability to bring a complete and differentiated solution to the customer that specifically addresses their unique requirements. This may include a great breadth of products and intimate understanding of the customer's business or it may be an ecosystem of complementary partner solutions, specifically designed to address the customer's unique challenges.


Although the pinnacle of the pyramid is called System Lock-In, I do not find this to be a very fitting label because System Lock-In is something that customers typically try to avoid. With respect to the Delta Model, System Lock-In is typically a positive thing for both the vendor and customer. There may be collaborative business processes at this position of the Delta Model, where demand forecasts are shared or vendors can issue purchase orders on behalf of customers. Or, there may be proprietary technology that is broadly adopted by a customer that makes a vendor's solution extremely difficult to replace, although the technology is highly valued by the customer. The Delta Model implies that the value that the customer receives from using a System Lock-In solution is greater than the cost of using it. I believe that this should be viewed positively for both vendor and customer.


Figure 4

With respect to the Delta Model, Cloud Computing needs to be viewed in terms of IAAS, PAAS and SAAS. Let's take a look at where each as-a-service offering (as a category of products or market segment, not by vendor) sits along the Delta Model, and how it might evolve in the future.

7.1 IAAS and the Delta Model


IAAS solutions typically compete on technical specifications and price. This is a highly technical market, where technically oriented features and benefits determine vendor selection, along with price. Amazon is the clear leader in the IAAS market, although they have significant competition at the low end of the market, and increasing competition at the high end. Amazon's lead is significant, and is a result of several factors:

First mover advantage A strong existing brand


A true low cost advantage based on unique technology Breadth of offering (compute, storage, load balancing, HA, VMWare VM import)

Strategic partnerships

Traditional vendors such as IBM and HP have entered this market, as well as many newer players such as Rackspace and Mezeo. IAAS is primarily a best product solution that occupies the lower right hand area of the Delta Model. This is the least enviable position on the Delta Model. It is the least defensible position with the lowest margins. Amazon should be able to defend their leadership position if they continue with their rapid pace of innovation, as this will enable them to maintain their cost advantage.

Even though customers must currently use proprietary Application Programming Interfaces (APIs) to access IAAS offerings, the cost of switching an application from one IAAS provider to another is typically not that great. Furthermore, until now most applications running on IAAS are typically either short lived applications or applications that are not highly mission critical (11). In the future it is likely that standard APIs will emerge for IAAS offerings, which will reduce switching costs even more.

It is very unlikely that many IAAS-only vendors will still exist in five years. IAAS vendors are moving into PAAS and PAAS vendors are moving into IAAS. Further, with the entrance of HP, IBM and other behemoth technology vendors in this market, consolidation will occur rapidly. These vendors can use IAAS offerings as loss leaders for higher margin products and services. IAAS will likely cease to exist as a meaningful standalone market and will merely be a product category offered by a number of larger technology vendors. Unless a highly innovative vendor with massively differentiated technology that is patent protected emerges, this trend, which is already well underway, will continue.

7.2 PAAS on the Delta Model

PAAS offerings compete mostly by targeting the developers that use the platform to build software applications. These developers are segmented based on the skills they possess and the languages that they know. Java developers who like to use open source technology might gravitate to Google AppEngine. .net developers would likely gravitate to Microsoft Azure. Java developers who are well versed in using frameworks provided by IBM would likely gravitate to IBM's solution. This indeed creates a high degree of stickiness, or lock-in. However, in the context of the Delta Model, this lock-in does not place PAAS offerings at the apex of the Delta Model. The reason for this is that there is not a high degree of personal interaction or business collaboration that occurs between the PAAS provider and the PAAS customer. For this reason, successful PAAS offerings today can be categorized as Total Customer Solutions.

Although the current PAAS market leaders are very large technology companies such as Salesforce.com, Microsoft and Google, these were not the first entrants into this market. Google entered the market in 2010. Bunjee launched a powerful and user friendly PAAS offering more than two years earlier, in 2008. Even with such a large head start, larger competitors have completely eclipsed Bunjee in the PAAS market. Some of the reasons for this were the proprietary nature of Bunjee's offering (not just straight java or .net); lack of an existing sales channel; and a general trend toward consolidation in the technology industry.

What will PAAS vendors need to do to compete in the future? Is it possible for them to move to the System Lock-In position on the Delta Model? There are several things that might help PAAS vendors become more valuable to their customers and move to the top of the Delta Model. Here are a few. Some vendors are already beginning to do some of these things.

• Leverage common languages and skills, such as java, .net, Python, Ruby and Perl.
• Adopt standards for cloud computing as they emerge, and show leadership in helping to drive standards. However, PAAS vendors should not be constrained by any standards and should extend and enhance standards when needed. This is an old game played by many successful technology companies: honestly claim conformance to an open standard while extending the standard to such an extent that it is, in effect, proprietary.
• Offer training and certification for PAAS offerings.
• Create community interest groups both locally and online using social media.
• Build an ecosystem of partners (implementers and software providers) around the PAAS offering.
• Offer expert services to help build, test and certify applications built on the PAAS offering.
• Provide connectivity options to other software products, whether on-premise or as-a-service.
• Provide monitoring, administration and configuration capabilities that are complementary to existing tools.

There is a lot at stake with PAAS. In the client-server and internet era, software development platforms had tremendous influence over how and where IT dollars were spent. In the cloud era, the same is likely to be true for PAAS. Following is a comparison of the leading PAAS solutions:

Platform As A Service Comparison

| Features | Microsoft Azure | Google App Engine | Salesforce Force.com |
|---|---|---|---|
| Languages | .net framework languages, Ruby, Java, C++, PHP, Web Services Support | Java, Python, Web Services Support, Ruby | Java, Ruby, PHP, .net, Web Services Support |
| Monitoring Tools (Low to High) | Med-High | Med-Low | Med-High |
| Lifecycle Management Tools (Low to High) | Med | Med-Low | Med-High |
| Web Sites | Yes | Yes | Yes |
| Web Apps | Yes | Yes | Yes |
| Structured and Blob Storage | Yes | Yes | Yes |
| ISV Support for Distribution | No | No | Yes |
| ISV Support for Trials | Limited | No | Yes |
| Pricing, Tier 1 | 25 hours small compute instance | 500 MB and up to 5 million page views free | Free to 100 users, 1 GB |
| Pricing, Tier 2 | 750 hours of small compute instance, 10 GB storage, $59.95 per month | $8 per user per month. Max of $1000 per month per app | $50 per user per month, 100+ db objects, more storage, CRM integration |
| Pricing, Tier 3 | Add 10 GB SQL Server database to Tier 1 for $109.95 per month | $8 per user per month. Max of $1000 per month per app | $75 per user per month, 24x7 support, up to 2000 db objects, more storage |
| Visual BPM | No | No | Yes |
| Integration to 3rd Party Apps | Yes, but mostly MS based solutions | No | Yes, but not Oracle, SAP or many traditional vendors. |
| Social Media Support | MS Live Only | No | Chatter and Facebook |
| Lock-In with Using Add Ins (Low to High) | Med | Low-Med: Some with HA and browser notification capabilities | High |
| Exchange Platform for Marketing Apps | Yes, App Market and Data Market | Yes, Google Apps Marketplace | Yes, Force.com App Exchange |
| Service Level | If 99.95% availability not met then 10% service credit. If 99% availability not met then 25% service credit. | 99.9% uptime | Unclear |

** Amazon is about to enter the PAAS market with Beanstalk, now in Beta

Summary

Microsoft Azure: Microsoft's platform falls somewhere between the Google platform and the Force.com platform. It is more feature rich than Google's solution and less so than Force.com. However, it does have rich language support and a lower level of lock-in risk than Force.com. Microsoft's SAAS offering, Office 365, is not easily extensible or customizable. In order for Microsoft to find better synergy between their PAAS and SAAS offerings, they will likely need to improve in this area. As a side note, Office 365 augments, rather than replaces, Microsoft Office.

Google App Engine: High performance and uncompromising standards based platform. However, it offers very few capabilities beyond basic cloud hosting for standards based applications. Google Apps, their SAAS offering, offers a higher degree of customization than does Microsoft Office 365, although the level of integration between products is not as good. Google Apps does offer complete web services interfaces, which increase the synergy that exists between their SAAS and PAAS offerings.

Salesforce Force.com: Incredibly feature rich and innovative. Easy to build sophisticated applications with graphical frameworks. Significant toolkits and integration to 3rd party products and services. Fairly high level of lock-in when using advanced capabilities and frameworks. Nearly seamless integration across SAAS and PAAS offerings.

Table 1

7.3 SAAS on the Delta Model

Only one SAAS vendor, Salesforce.com, is currently positioned at the System Lock-In location on the Delta Model. Other vendors are located at the two other vertices, or somewhere between them. The reason for this is that no other vendor has succeeded like Salesforce.com has in terms of both their PAAS offering and their SAAS offering. The synergies of these two offerings, combined with the customer focus that is deeply ingrained in Salesforce.com's culture, make their offerings very sticky indeed. This is a stickiness that is characterized more by customer satisfaction than it is by dependence or technical lock-in. Salesforce.com has a truly unique focus on delivering exceptional value and success to their customers. This is a cultural obsession, which is clear from reading Behind the Cloud, a book by Salesforce.com's founder Marc Benioff (15). This was also clear when interviewing Kraig Swensrud, a Sr. Executive at Salesforce.com (11).

What is perhaps the most important lesson from Salesforce.com, however, is that their success, which for the moment appears to be sustainable, depends not on one single thing, but on a large number of things. Customers that extend Salesforce.com's application (SAAS offering) will become familiar with their PAAS offering. This is a win for both Salesforce.com and their customers. Salesforce's obsession with customers, aggressive and edgy marketing, adoption of open standards, creative partnerships (such as their VMWare partnership) and a multitude of other factors have made Salesforce.com one of the fastest growing technology companies in history.

Although Google and Microsoft both offer PAAS and SAAS solutions, their strategies are not as coherent and their products are not as integrated as Salesforce's.

8. Customer Specific Forces

During my interviews with customers I noticed more similarities than differences among customers with respect to how they are currently using, and how they plan to use, cloud computing. Customers have largely adopted cloud technologies in similar patterns, and have similar views on what is missing. Following are the most prominent themes that I observed.

• Virtualization was unanimously cited as the centerpiece of customer cloud strategies, and VMWare was cited, almost unanimously, as the most strategic cloud vendor among customers that I interviewed. Customers with more mature cloud and virtualization infrastructures often indicated that the availability of suitable management and provisioning tools was lacking.
• Privacy and security concerns were shared by all customers interviewed. This includes regulatory requirements as well as general concerns over the confidentiality, privacy and protection of critical information. Many customers cited specific statutes and regulations and others were far less specific when asked for detail.
• Customer adoption of cloud solutions has been opportunistic, not strategic. Few customers have clearly defined cloud strategies or roadmaps but instead have (wisely) chosen to move applications and infrastructure into the cloud on an ad hoc basis driven by savings and ROI.
• Customers view the cloud as central to their shared services initiatives to a greater extent than vendors or technology journalists do. A comment from John Hancock's CIO, Allen Hackney, provides a good example of this: "The ability to separate physical layers of infrastructure from provisioning of resources in order to produce a business application is central to our strategy." I found this to be a remarkably astute statement.

The primacy of these themes in customer discussions warrants a closer look at each one.

8.1 VIRTUALIZATION

Each customer that I interviewed cited their virtualization vendor as their most strategic cloud vendor. It is worth taking a look at some of the key innovations in this market to get a sense for how it is evolving, and what it may look like in the future.

In addition to core virtualization services, and a hypervisor that is best-of-breed, VMWare seems to have a compelling vision for the future of cloud computing. Customer and market buy-in are extremely high, as evidenced by rapid earnings growth, and a very rich corporate valuation. As of 2/11/2011 VMWare had a $37 billion market capitalization, a price/earnings ratio of 106, a price/sales ratio of 13.1, 37% year-over-year quarterly revenue growth, and a 91.36% share price increase over the previous 52 weeks (10). I will reserve comment on whether the growth expectations that are implicit in this valuation are warranted, but it is clear from these numbers that market interest and optimism about VMWare are very high.

Part of VMWare's great success is a clear and obvious Return on Investment (ROI) for their customers. When customers virtualize their data centers on VMWare, they can often reduce the number of servers they use by an order of magnitude. This massively reduces costs for hardware, data center floor space, software licenses, heating and cooling and administrative personnel. It is true that there are new costs associated with purchasing and implementing VMWare software and training staff to use this technology, but VMWare's strategy appears to be that we will shrink the IT spending pie but will take an increasingly larger slice of this shrinking pie.

Perhaps VMWare's most game changing innovation is their vCloud API. The vCloud API enables customers using VMWare virtualized workloads to move their workloads to data centers that support the vCloud API, or vCloud services. This means that the vCloud API gives customers flexibility to switch their cloud vendor, or cloud service provider, more easily than ever before. vCloud technology enables a customer to run a workload in their own environment, to move that workload to a CSP, and then to move the workload to yet another CSP for any reason they choose. CSPs must support the vCloud API to enable this flexibility, but many large CSPs have already signed up and have made their data centers vCloud compatible. The number of CSPs supporting vCloud is currently around 3000. Here is VMWare's description of the vCloud API: "The vCloud API is an interface for providing and consuming virtual resources in the cloud. It enables deploying and managing virtualized workloads in private and public clouds as well as interoperability between clouds. The vCloud API enables the upload, download, instantiation, deployment and operation of vApps, networks and virtual datacenters. There are two major components in vCloud API, the User API focused on vApp provisioning and Admin API focused on platform/tenant administration." (9)

There are a couple of other very innovative technologies that VMWare offers that help to explain their meteoric valuation. VMWare now provides technology that will pool large numbers of distributed virtual resources into a logical pool. This is, in effect, virtualizing virtualized environments. This capability enables the management, administration and provisioning of resources over a large distributed environment. Resource utilization and resource management are enhanced to an even greater degree than with simple virtualization alone. It facilitates fine grained provisioning and allocation of resources and it also enables changes to be made uniformly and consistently across a large number of separate physical environments. Differentiation of infrastructure is enabled so that tiered delivery of pricing and service delivery is possible. Tools, portals and APIs are provided to enable self service delivery of catalog based services. VMWare describes this as follows: "Whenever internal users need IT services, they should be able to get them as easily as finding and downloading an application from Apple's App Store." (9)

Chargeback is a concept that is important to private clouds. The concept of chargeback, as it relates to as-a-service solutions, has roots in the 1990s along with shared services. Internal service providers must be able to recoup their costs somehow. Although some internal service providers may be allowed to operate at a loss, it is important that they have a fair and consistent way of charging internal customers for the services that they provide. The concept of chargeback is closely related to provisioning, which I will address shortly. VMWare offers chargeback capabilities that enable Cloud Service Providers to charge customers based on Fixed Costs, Allocation or Utilization. Fixed Cost charges are simply based on the number of virtual machines used. Allocation based chargeback is determined by the amount of capacity that is allocated and available to use. Utilization based chargeback is based on the amount of capacity that is actually used. (9)

Although some customers acknowledged challenges with their ability to charge back to customers, none of the customers interviewed were using VMWare's chargeback product. This may be due to the limited number of chargeback options that exist, however. Options such as user counts, transaction counts or chargeback for non-virtualized resources are not presently available.

8.2. CLOUD MANAGEMENT AND PROVISIONING

For both public and private clouds, provisioning cloud resources to new customers or users is very important. Because multi-tenancy is a fundamental part of cloud, practically by definition, adding new tenants quickly and easily is a focus of much attention, although results have been elusive. Although Google, Microsoft, VMWare, Salesforce and other leading cloud and cloud infrastructure vendors have made considerable efforts to automate provisioning processes, this automation is mostly focused on their own technologies. VMWare can provision virtualized resources well, Google can provision App Engine resources and applications well, etc. However, tools to automate provisioning across a range of services and technologies provided by different vendors have been lacking. As a result, the traditional system management vendors have stepped in with what appear to be the most capable solutions at this time. BMC Patrol, IBM Tivoli, CA Unicenter and HP OpenView have always been leaders at providing centralized administrative and monitoring capabilities for all kinds of networking, server, desktop, storage and even software infrastructure. Most organizations have large investments in these platforms already. Furthermore, HP and BMC made significant acquisitions in the past several years that give them broader scope to address cloud provisioning requirements. A small software vendor in Renton WA, Parallels, has some unique and very sophisticated capabilities here. Parallels is a private company, probably between 100m and 150m in revenue, and offers the capability to provision cloud based resources from a large variety of CSPs (12). They not only handle the technical provisioning of the software but also handle the ordering, billing, invoicing and payment of services. These services are provided, not surprisingly, via the cloud.

HP OpenView products were rebranded as part of the HP Software Division in 2007, along with some recently acquired technology from a number of different technology vendors. BMC has taken a very similar approach, segmenting their business based on legacy products and newly acquired products. Also, each company has built out their software portfolios in similar ways. The software portfolios of both organizations are well suited to handle the complexities of provisioning services in the cloud. (17)(18) Based on customer feedback, HP and BMC appear to have taken the lead in the cloud provisioning market, and are continuing to innovate and partner to enhance their solutions.

STRATEGIC ACQUISITIONS

HP
• Mercury Interactive: Application Management, Application Delivery, Change and Configuration Management
• OpsWare: Server and Network Provisioning, and Configuration and Change Management help to ensure consistency and best practices.
• 3PAR: Utility Storage that enables multi-tenant deployments which are well suited to SAAS and IAAS deployments
• Peregrine Systems: IT Asset Management and Service Management Software.

BMC
• BladeLogic: Enables server provisioning, release, change and configuration management.
• Tideway Systems: Enables automated discovery of system resources and more dynamic monitoring and administration.
• Remedy: Market leading helpdesk application.

Table 2

The partnering strategies of both BMC and HP also demonstrate a strong commitment to building their cloud offerings.

BMC has formed a collaborative partnership with Cisco and VMWare to provide a "cloud in a box" solution that relies heavily on BMC's BladeLogic acquisition. The solution provides virtualized resources of many kinds that can easily be managed, configured and provisioned in an automated fashion. HP partners with both Microsoft and VMWare for virtualization capabilities, depending on whether a customer is more Windows or Unix oriented. Allen Hackney from John Hancock specifically mentioned that his organization is aligned with and leverages capabilities from the VMWare and HP partnership. (11)

8.3 PRIVACY AND SECURITY

There are many legitimate reasons having to do with privacy and security that may diminish a customer's enthusiasm for deploying IT resources in the cloud. There are also some political reasons.

Cloud deployments typically reduce requirements for data center space, hardware assets, software assets, employees and budget. Some managers may resist initiatives that result in reduced headcount, assets and budget. In such instances, security concerns may become somewhat of a bogeyman used by IT managers to help resist non-technical managers that are pushing for savings from cloud adoption. Although this is somewhat of a simplification and may sound cynical, I did get this impression from more than one customer that I interviewed. Change is never easy or riskless and many factors other than reduced IT relevance play an important role in the reluctance that some IT managers may feel regarding cloud adoption. Ultimately, as cloud adoption becomes increasingly common, IT managers will likely begin to view the cloud more positively, as a way to shrink their IT backlog, align more closely with the business and unburden their teams from purely technical responsibilities.

8.3.1 Identity Federation

Leaving aside whether cloud environments (public, private or hybrid) are either more or less secure than traditional infrastructure, they are certainly different. Traditional trust boundaries no longer apply because software applications might be a mash-up of 3rd party services, applications and internal infrastructure. CSPs need to be a partner in the security process. The enterprise data center is just one security zone, or realm, that needs to be considered. A federated approach is needed to address increasingly distributed authentication requirements. Fortunately, federated security processes have been evolving since before the rapid growth of cloud computing. Federated security simply means two or more organizations that share a trust boundary. (16) Once a user is authenticated in one environment then he is automatically trusted at some level in another 3rd party environment.

Protocols such as SAML (Security Assertion Markup Language) provide a common format that can be used by enterprises, 3rd party CSPs and business partners to represent security authentication and policy data in federated processes. Partners in SAML processes may either be Identity Providers or Service Providers. Identity providers will likely be corporate data centers that assert the identity of the users or processes that are accessing services. Service Providers will use these identity assertions to determine which resources should be made available. This can provide benefits such as single-sign-on and simplified administration.
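The following is an added example, not part of the thesis: a Python sketch of the checks a Service Provider (the CSP) applies to a SAML 2.0 assertion issued by an enterprise Identity Provider before it maps the asserted identity to resources. The entity IDs, the `role` attribute, the role-to-resource table and the sample assertion are all constructed assumptions; XML signature verification is assumed to be performed by a vetted SAML library and is passed in as a flag.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Hypothetical Service Provider (CSP) configuration; every name is an assumption.
SP_ENTITY_ID = "https://csp.example/sp"
TRUSTED_IDPS = {"https://idp.corp.example/saml"}
ROLE_RESOURCES = {"finance": {"ledger-app"}, "engineering": {"build-farm", "wiki"}}
CLOCK_SKEW = timedelta(seconds=60)

# Constructed sample assertion, as the enterprise Identity Provider might issue it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2011-05-06T12:00:00Z">
  <saml:Issuer>https://idp.corp.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@corp.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2011-05-06T12:00:00Z" NotOnOrAfter="2011-05-06T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://csp.example/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_time(value):
    # SAML timestamps are UTC; an empty or malformed value raises ValueError.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _deny(reason):
    return {"ok": False, "reason": reason, "subject": None, "resources": []}


def evaluate_assertion(xml_text, now, signature_verified):
    """Decide which resources the asserted user may reach at this Service Provider."""
    # The XML signature must be checked against the IdP's certificate before any
    # field is trusted. That step is outside this example; the caller passes the result.
    if not signature_verified:
        return _deny("signature not verified")
    try:
        # In production, parse untrusted XML with a hardened parser such as defusedxml.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return _deny("malformed XML")
    if root.tag != "{%s}Assertion" % SAML_NS:
        return _deny("not a SAML 2.0 assertion")

    # 1. The assertion must come from an Identity Provider inside the federation.
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer not in TRUSTED_IDPS:
        return _deny("untrusted issuer")

    # 2. It must be inside its validity window (this SP's policy requires both bounds).
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return _deny("missing conditions")
    try:
        not_before = _parse_time(cond.get("NotBefore", ""))
        not_on_or_after = _parse_time(cond.get("NotOnOrAfter", ""))
    except ValueError:
        return _deny("missing or malformed validity window")
    if now + CLOCK_SKEW < not_before:
        return _deny("not yet valid")
    if now - CLOCK_SKEW >= not_on_or_after:
        return _deny("expired")

    # 3. It must be addressed to this Service Provider, not to another partner.
    audiences = {(a.text or "").strip()
                 for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if SP_ENTITY_ID not in audiences:
        return _deny("wrong audience")

    subject = (root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS) or "").strip()
    if not subject:
        return _deny("missing subject")

    # 4. Map the asserted role attributes to local resources; unknown roles grant nothing.
    resources = set()
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "role":
            for value in attr.findall("saml:AttributeValue", NS):
                resources |= ROLE_RESOURCES.get((value.text or "").strip(), set())
    return {"ok": True, "reason": "ok", "subject": subject, "resources": sorted(resources)}


if __name__ == "__main__":
    when = datetime(2011, 5, 6, 12, 2, tzinfo=timezone.utc)
    print(evaluate_assertion(SAMPLE_ASSERTION, when, signature_verified=True))
```
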

8.3.2 Security Responsibility

A continuum of responsibility exists with regard to security of cloud based resources. At one end of the spectrum are on-premise resources and at the other end of the spectrum is SAAS, where a vendor is responsible for the development, support, infrastructure and delivery of applications. IAAS and PAAS fall between these two levels. IAAS is closest to on-premise resources, since the development, support and delivery of the application are still the responsibility of the organization developing the application. PAAS falls closer to SAAS since (1) PAAS may be thought of as a superset of IAAS and (2) more layers of network architecture are contained in a PAAS stack than in an IAAS stack. It cannot be said with certainty which party should be responsible for which layer of security in all cases, but the importance of service levels and clearly defined contractual responsibilities cannot be overstated.

Figure 5

Following is a list of security concerns that must be addressed by CSPs and their customers. This is by no means an exhaustive list. Customers and CSPs must work collaboratively to determine whose responsibility it is to ensure that data, software and infrastructure are protected.

• Host security: Host security in a public cloud is the responsibility of the CSP since details of the host are abstracted from the customer. It may be wise for customers to demand that the CSP share information through a controls assessment framework such as SysTrust or ISO 27002, however. (13)
• Perimeter security: Perimeter security includes all of the resources that are used by a computer system that need to be protected. Cloud computing complicates this boundary because the boundary is no longer made up of on-premise resources only. With hyper-distributed cloud based environments, where each layer may be hosted by a different CSP, or different components within the same layer may be hosted by a different CSP, it is important to maintain visibility of resources across providers, and to ensure that policies and procedures are standardized to the greatest extent possible. Although such hyper-distributed environments are not common today, they will become increasingly common in the future. System wide visibility and documentation are very important to perimeter security and will help to manage this process as system and application boundaries change with continued adoption of cloud based resources.
• Authentication and Authorization: Making sure that appropriate data and systems are available to appropriate people is the responsibility of both the customer and the CSP. Because customers will likely have some administrative responsibilities delegated to them, they will likely have some responsibility for cleaning up orphaned accounts and ensuring that rules are consistently followed with respect to user credentials with the CSP. The CSP will also have responsibility for ensuring that the granularity of access control meets the customer's requirement, rules for strong passwords are implemented (this may be a shared responsibility) and best practices are consistently enforced across customers.
• Application security: Threats to application security exploit vulnerabilities in underlying applications. Because SAAS offerings are applications delivered over the web, by definition, application security is the responsibility of the SAAS application vendor. With IAAS vendors, application security is the responsibility of the application owner or administrator. With PAAS solutions, this responsibility will likely be shared. It will be the PAAS vendor's responsibility to provide a security framework that is robust and well documented, and the application developer's (customer's) responsibility to ensure that this framework is implemented properly.
• Data-in-transit: Protecting data on the wire calls for the use of an established and robust encryption algorithm. CSPs must have a well developed strategy here and may offer different options of whether data is encrypted, and if so at what level, or transmitted in-the-clear.
• Data-at-rest: Protecting data stored on disk may also call for the use of a well established and robust encryption algorithm. Alternatively, a well developed Information Lifecycle Management (ILM) strategy may be adequate, although communication of such policies and procedures will likely need to be documented in a format where they can easily be shared between vendor and customer. An ILM strategy will define what happens to data as it is aged and moves to backup, reporting and other systems, as well as how disks are handled when they are retired and disposed of.

It is common for strong security at one layer to prevent a breach or vulnerability at another layer. For example, if the authentication process for a customer is robust then it is less likely that a user could spoof or hijack a customer's credentials and exploit a vulnerability at the application layer.

8.4 Regulatory Requirements

During my customer interviews, state and federal laws and regulations were often cited as factors inhibiting adoption of cloud technology. Many laws and regulations exist to ensure data privacy and security of sensitive data and personally identifiable information. Data related to income, wealth, health, financial aid and employment history often have such restrictions. There are also labor laws and the specter of net neutrality laws that impact how and when cloud based services can be offered, or might be offered in the future. Labor laws are in place, mostly in the public sector, that prevent workforce reductions resulting from outsourcing work to a 3rd party or from automation. Although the following list is not exhaustive, each of these laws or regulations has the potential to affect the advancement and adoption of cloud technology. For state law I will focus on Massachusetts and Washington State only. This is because covering all 50 states would not be helpful, and would be overly lengthy. Further, both states are home to large populations of technology and internet companies and have legislatures that are not timid with regard to commercial regulation.

8.4.1 Labor Laws and Labor Influence

Massachusetts Pacheco Law: In a nod to Public Employee Unions and employees, Massachusetts enacted Anti-Privatization legislation, the Pacheco law, in 1993. This law effectively prohibits the contracting of work to the private sector that can be performed by state employees (23). With regard to cloud computing, this practically eliminates the prospect of achieving savings from well proven IAAS offerings such as ones provided by Amazon and Rackspace. Outsourced email, calendaring, collaboration and other services that are currently provided by state employees, often at very high cost, are also off limits.

Federal Senate spending bill S.3677 - Bill S. 3677, passed July 29 2010, reduced funding for federal cloud computing efforts 58% from 2010 to 2011. Although Federal workers are not unionized, this decision is highly incongruous with government spending trends and spending on cloud computing initiatives in general. Overall funding for technology spending in this bill saw an increase from 2010, although cloud spending, which was intended to consolidate data centers, shrank significantly. (24)

City of Seattle - IT workers at the City of Seattle are unionized. Based on interviews that I conducted with (non-union) technology leadership at the City of Seattle, it seems unlikely that services such as email will be delivered via the cloud. Microsoft, Google and other vendors offer such services through the cloud and can typically demonstrate considerable savings when compared to purchasing, deploying, supporting and administering in-house email systems such as Microsoft Exchange, which was deployed in 2009 at the City of Seattle. Due to union influence, however, such moves seem very unlikely.

8.4.2 Net Neutrality

Net neutrality simply means that internet users should have unrestricted and undifferentiated access to any legal content on the internet. This is tricky though. What is counterintuitive about this is that achieving net neutrality would require either legal precedent based on related case law, or a specific bill leading to new laws or regulations. Net neutrality is not currently enforced via any specific law or regulation. In practice, however, it almost universally exists. The internet is highly democratic for both producers and consumers of content. Opponents of net neutrality say that creating new laws or regulations around the internet to achieve net neutrality would be fixing something that is not broken, and that new laws or regulations, intended to make sure that content consumers and producers are treated equitably and fairly, would open the door to further regulation and government control, which might ultimately hurt the internet and diminish its value. They feel that the internet has gotten by just fine without such regulation up until now and that greater regulation would lead to influence by special interests, or overreach by government. Net neutrality arguments, either for or against, have the potential to result in First Amendment issues, although this is not likely any time soon.

Proponents of net neutrality feel that providers of internet bandwidth, such as Comcast or AT&T, might use their power to discriminate against certain content providers. For example, Comcast could theoretically provide a lower quality of service to content providers that require a great deal of bandwidth, such as YouTube or Netflix, or they could potentially provide a lower quality of service to competitors.

A 2008 case filed by the Federal Communications Commission (FCC) against Comcast charged that Comcast unlawfully blocked or slowed access to a peer sharing web site, BitTorrent. An April 2010 ruling on this case determined that the FCC lacked the authority to dictate how Comcast should treat internet traffic, and Comcast won the case, successfully defending their right to treat their customers and use their infrastructure as they wish.

During my interviews, Bruce Chatterley, President of MegaPath (merger of Covad, MegaPath and Speakeasy.net), mentioned net neutrality as a potentially important issue for cloud adoption (11). As customers put increasingly mission critical infrastructure and applications in the cloud, they will be likely to demand higher levels of performance and service reliability. Government efforts to implement net neutrality laws or regulations could inhibit the ability of Cloud Service Providers to differentiate service in such ways.

Arguments made by groups that are either for or against net neutrality regulation may sound very similar. Both sides are likely to say that their position will increase (or have the potential to increase) innovation. To some extent, both sides are correct. If net neutrality laws are passed, the specter of large bandwidth and infrastructure providers treating potential competitors unfairly is unlikely to emerge, although in reality this has not happened yet anyway. If net neutrality laws are not passed, we will continue with the status quo of a largely unregulated internet that has created hundreds of billions of dollars of wealth in the past decade alone.

8.4.3 State Data Privacy Laws and Regulations

Breach Notification Laws - Nearly all states now have security breach laws in place that require notification of the affected party, those whose personally identifiable information has been disclosed, of such a breach.

Washington House Bill 1149 - Effective 07/01/10, this bill extends the scope of typical Breach Notification Laws by requiring that the commercial organization responsible for the breach reimburse banks for the costs associated with cancelling and reissuing credit and/or debit cards. 1149 also incorporates the Payment Card Industry Data Security Standard ("PCI") into the law. (21)

Massachusetts Executive Order 504 - An Order signed by Governor Patrick on September 19, 2008 that recognizes the importance of protecting personal information and specifically outlines how all state agencies in the Executive Branch must address the security and confidentiality of personal information. (19)

Massachusetts General Law 93H - This appears to be the first state law imposing specific requirements on businesses to protect Personally Identifiable Information (20). Attorney Greg Duff summarizes the rather onerous requirements on his web site, www.duffonhospitalitylaw.com, as follows:

Encrypt all data, including on mobile devices (laptops, PDAs, etc.)

Restrict physical access to records containing PII

Develop written information security policies and adhere to them

Regularly monitor networks for unauthorized activity

93H requirements are laudable as consumer protections but they will unquestionably increase costs for business. The language in 93H is also unclear as to what constitutes compliance, and this could lead to costly over-implementation, as has been the case with other ambiguous regulation such as Section 404 in the Federal Sarbanes-Oxley Act. There is certainly a tradeoff between consumer protection provisions and the increased cost of doing business, which may become a disincentive for new eBusiness firms to locate in Massachusetts, which could hurt employment growth and capital formation.

8.4.4 Federal Data Privacy Laws and Regulations

US Patriot Act - The US Patriot Act may be one reason that cloud adoption has been faster in the US than in other countries. Any data that is physically stored in the United States is subject to the Patriot Act. The Patriot Act allows the US Federal Government to access data stored within US borders. (26) Although such access requires a request, or application by a Special Agent from the FBI, the approval of such an application may be granted by a Federal Judge. The fact that commercial and proprietary information may be accessed by the US government is unsettling for many private and public organizations outside of the US that might otherwise consider adopting cloud offerings from US companies.

Stefan Ried from Forrester writes about this problem and discusses how data integration software maker Informatica has designed an integration-as-a-service architecture to circumvent this problem. (26) Informatica provides integration-as-a-service so that customers in Europe can use their US based integration service and no data will actually touch servers on US soil, which would make the data subject to the Patriot Act. When vendors architect their solutions around regulations and laws, it may be a good sign that the regulatory and legislative processes are having a hard time keeping up with the market, and are in need of being updated.

Federal Information Security Management Act (FISMA) - The Federal Information Security Management Act of 2002 requires all Federal Agencies to implement an agency wide information security strategy.

The National Institute of Standards and Technology (NIST) is responsible for working with Federal agencies to implement FISMA. Although the US government spends several billion per year on security and FISMA related compliance costs, the standards developed by NIST appear to be quite rational and in line with best practices that I have observed in the private sector. NIST's web site states that their vision is (26): To promote the development of key security standards and guidelines to support the implementation of and compliance with the Federal Information Security Management Act including:

Standards for categorizing information and information systems by mission impact

Standards for minimum security requirements for information and information systems

Guidance for selecting appropriate security controls for information systems

Guidance for assessing security controls in information systems and determining security control effectiveness

Guidance for the security authorization of information systems

Guidance for monitoring the security controls and the security authorization of information systems

Although FISMA compliance costs are high, the mission seems worthwhile and it is reassuring to observe that many private sector organizations have developed security strategies that align closely to NIST's. It appears that the government has provided some valuable leadership to the private sector.

Health Insurance Portability and Accountability Act (HIPAA) - HIPAA was mainly a way to ensure citizens can keep their existing insurance in the event that they lose a job. In addition to this, there are aspects of the regulation that help to bring the health care field up to date with the demands of our digital age.

HIPAA regulates the use of protected health information (PHI) by health care providers and health plans (13). Health care providers and health plans must notify patients if any of their PHI is shared or disclosed to other parties. Also, patients have the right to access any of their PHI and are able to correct or update such information if needed.

Gramm-Leach-Bliley Act (GLBA) - The GLBA, also called the Financial Services Modernization Act of 1999, was a major piece of financial services legislation. It partly repealed the Glass-Steagall Act of 1933. This was largely a banking deregulation bill, but it also brought regulation up to date for information security for financial services companies. There are two parts of the GLBA that are highly relevant to cloud computing, the Financial Privacy Rule and the Safeguards Rule (13).

1. The Privacy Rule requires financial institutions to provide a privacy notification to customers at the inception of a customer relationship, and also requires ongoing annual notifications. This notification must explain to the customer how their personal information will be used and give the customer the ability to opt out of activities that involve the sharing of their personal information with 3rd parties.

2. The Safeguards Rule requires that financial institutions implement an information security program that protects their customers' private data. The Safeguards Rule requires that financial institutions not only create and implement such a program, but that it is monitored and updated as needed, and that there is a single point of contact with overall responsibility for the plan. This has led to the creation of the Chief Information Security Officer (CISO) position in many organizations.

Federal Rules of Civil Procedure (FRCP) - FRCP requires that parties involved in a civil lawsuit must disclose to the opposing party any information that will be used in their claim or defense (13). In 2006 FRCP was updated to better reflect increasingly digital forms of information. The changes required that electronic information used in the discovery process be made available quickly and easily. These changes led to a boom in the eDiscovery market, for email and document archiving and recovery. FRCP has major implications for cloud vendors, whether PAAS, IAAS or SAAS. Data may be required from any of these sources as part of a legal discovery process.

Personal Data Privacy and Security Act of 2009 - Although this bill was never enacted, it came close. Passage of the bill was prevented only by a unified business community, including the Chamber of Commerce, National Auto Dealers Association and several other trade and industry groups. 1490 was a bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information. (22) Although many of these goals are commendable, the duplication of existing state law and the onerous disclosure rules in this bill would have created tremendous business costs. Businesses would have been required to disclose all digital records about a customer, to that customer, at his request. Many businesses simply lack the technical sophistication to perform such an activity without incurring tremendous costs.

9. WHAT CUSTOMERS DID NOT SAY

In addition to the topics that customers identified as important to their cloud strategies, let us address some topics that did not come up. I would like to briefly review these topics because among my peer community, which is made up largely of employees from major technology vendors (Oracle, VMWare, Salesforce, SAP, and Microsoft), these topics are perceived to be important. When I spoke with customers however, these topics did not come up unless I initiated a dialog about them. Although it was surprising to me at first, customers did not seem concerned with these issues.

I expected customers to express concern about integrating cloud based applications to on-premise applications. They did not. Given the amount of effort and expense that customers have put in to integration efforts and service oriented architecture (SOA) efforts over the past 15 years, I imagined that the challenges associated with integrating to applications run by a 3rd party cloud service provider would be concerning to customers.

Part of the reason for this lack of concern was made clear when I spoke with a Sr. Executive at Salesforce.com. Using web service APIs, Salesforce.com customers can and do integrate their Salesforce.com applications to their on-premise applications easily and securely. In fact, Salesforce.com provides real time statistics to customers about transaction volume on Salesforce.com. The day before I spoke with the executive at Salesforce.com they recorded over 400 million transactions and about of these transactions were API calls. (11)

I expected customers to express concern about vendor lock-in with respect to as-a-service solutions. They did not. This may be an indication of the fairly low level of maturity in this market, however. Currently, customers have adopted SAAS offerings for CRM (Customer Relationship Management) much more aggressively than they have adopted things like ERP and HRMS. This may be due to the fact that CRM is less essential to the operation of a business than ERP and HRMS. Sales and services personnel can always manage CRM in spreadsheets in an emergency. However, if ERP systems go down then firms cannot pay vendors and employees, they cannot report their earnings to Wall Street or their owners and they cannot execute many of the core business processes that are essential to their daily operations. The stunning success of Salesforce.com (the leading SAAS CRM vendor), compared to the more tepid growth of NetSuite (the leading SAAS ERP vendor), illustrates this difference quite clearly. Salesforce.com has annual revenues approaching $2 billion while NetSuite's annual revenues are around $200 million. (10)

Vendor lock-in and support for open standards will likely be one of the next battlegrounds in the cloud computing market. Such battles occur in technology markets that are approaching a more mature phase of the market lifecycle. As new vendors enter the market they will ask themselves (1) Who are the next targets for Salesforce.com and what is Salesforce.com not providing? (2) Why has Salesforce.com grown so much faster than Workday and NetSuite? The answers to both of these questions will likely have a lot to do with vendor lock-in, vendor exit strategy and support for open standards. Open standards with respect to cloud computing are very immature, however. Leadership in open standards for the cloud market may come from a standards body, or from a vendor that creates a de facto standard. There are promising standards that are emerging now from both sources. A good example of a vendor engineered technology with the potential to become a de facto standard is VMWare's vCloud API, which I reviewed earlier. I will cover more of these organizations and technologies subsequently.

Regardless of where the technology comes from, however, it is highly probable that some vendor(s) will successfully leverage some type of open technology to gain an advantage. They will make claims such as "if we don't do a good job you can switch vendors" or "more developers will be available to you at lower prices because this is standard technology" and they will be partially correct. These are not transformational or disruptive messages, however. They are merely value added messages. For this reason, it is likely that leading vendors such as Google, Amazon and Salesforce.com will acquire promising vendors that emerge with such messages, or that they will co-opt the messaging of these vendors and alter their approach to the market accordingly.

The lack of concern about these issues is partly due to the opportunistic approach that customers have taken to cloud adoption thus far, and due to the fact that SAAS adoption is far ahead of IAAS and PAAS adoption. Cloud vendors are on top of these topics however, and it is likely that this will be the battleground for cloud vendors in the future. Although customers are less concerned about making technology vendor selections based on architecture than they have been in the past, this will become more important as customers increasingly adopt PAAS and IAAS technology. PAAS and IAAS solutions are largely IT driven. IT departments will have far more influence over IAAS and PAAS vendor selections than they have over SAAS vendor selections. As momentum in the as-a-service market tilts more toward IAAS and PAAS solutions, integration and portability will become hot topics.

10. The Role of Standards

Segments of the technology market are often gripped with wild enthusiasm for some technology standard. In middleware software, CORBA, Java, J2EE, DCOM, .com, .NET, XML, web services, Struts, Spring and various offshoots of these technologies, whether de facto or de jure, have each held the interest of large swaths of the software development community at different times. This is not to say that all of these technologies were of similar value and promise, only that the fortunes and careers of many software professionals and software vendors have been profoundly impacted by these trends. To embrace such technologies ahead of the pack, at the right time, or to be a pioneer or innovator of such technologies, can be an enormous advantage. To ignore such technologies as they become battlegrounds for competitive vendors can be a grave mistake. I make no assumptions about which of the following technologies (or organizations attempting to create standards) may become widely adopted, only that some will become widely adopted. Those that do gain traction may not be mentioned here, but as the cloud market evolves, standards will surely play an increasingly important role.

Distributed Management Task Force (DMTF) - DMTF boasts some of the biggest names in the IT industry, including IBM, Oracle, Microsoft, SAP, VMWare, HP, Cisco, EMC, CA, and many other leading vendors. DMTF is responsible for promoting standardization across a variety of distributed computing markets. DMTF is interesting in that their web site does not provide information (that I could find) about a mission, a vision or clear objectives. The closest thing I could find was an explanation of the Value of Membership in DMTF. Although there are some potentially important innovations coming out of DMTF such as WS-MAN, WBEM, OVF and others, I found it interesting that neither Amazon.com nor Salesforce.com were DMTF members. As the de facto leaders in the as-a-service market, the absence of these important players is curious. Amazon.com and Salesforce.com are unique in that their entry into the cloud computing market was not guided by any previous investment or install base. Both companies were web companies since their inception, and this differentiates them from the majority of the DMTF membership. I will make no conclusions about the relevance of this observation other than that it is interesting, and potentially meaningful. As I reviewed press releases and vendor commentary about support for DMTF standards such as OVF, it was clear that vendors supporting these standards were using their support as a differentiator against market leaders such as Amazon.com and Salesforce.com. (27) Both Amazon.com and Salesforce.com have large enough leads in the various as-a-service markets that they have the power to create their own de facto standards and do not necessarily need to wait to respond to movements in the market. They are in the enviable position of being able to lead the market.

Open Virtualization Format (OVF) - OVF provides a standardized way of packaging and describing virtual environments. Adopted as an ANSI standard in August 2010, OVF has the momentum and the credibility to become a significant factor in the cloud and virtualization market. Many vendors already provide support for OVF virtualized resources. (27)

VMWare vCloud API - VMWare's vCloud API is based on OVF and implements core OVF requirements, in addition to other value added features that VMWare provides such as management, administration and scalability capabilities.

US National Institute of Standards and Technology (NIST) - NIST is responsible for the adoption of US Government Driven Cloud Computing Standards. It is their responsibility to interpret and recommend adoption of technology standards, such as DMTF standards, to federal agencies.

Eucalyptus - Eucalyptus is a software platform that delivers IAAS services such as virtualization, Amazon EC2 support, security and other services in a single software platform (29). Eucalyptus is open source software and is supported on many operating systems. A company called Eucalyptus Systems acts as the steward of this platform and they offer both an open source version of the platform, as well as a licensable Enterprise version of the software.

Application Packaging Standard (APS) - APS appears to be a standard that is competitive with OVF, and therefore VMWare's vCloud API as well. APS is described on the www.apsstandard.org web site as follows: "application packaging format designed to help implement Software-as-a-Service (SaaS) business model for all industry cloud services providers and independent software vendors." One midsized vendor that supports APS is Parallels. Parallels is a virtualization vendor that is competitive with VMWare. They also make tools for automation of and provisioning for many functions that are common for CSPs and hosting companies. (28)

Although this is a very high level overview of just a few of the standards that exist today, and those that are emerging, it provides a good starting point to understand the forces of standardization that will become important for both leadership and adoption of cloud computing technologies. Cloud APIs provided by vendors such as Amazon.com, Salesforce.com, VMWare or Google may become de-facto standards. Because these APIs are so widely used it is likely that other vendors will support them inside of development tools, administrative tools and monitoring tools.

11. CONCLUSIONS

Cloud computing is dramatically changing the technical landscape of IT. Trust boundaries are expanding beyond the corporate network; data governance responsibilities are often shared by 3rd parties; delivering on service level agreements may require coordination among several organizations; computing environments are increasingly distributed and customers may not even know how far the physical boundaries extend.

11.1 Consolidation vs. Sprawl

IT departments have spent tremendous effort on consolidation during the past decade. Consolidating hardware, software licenses, data centers, vendors and contracts in order to cut costs and to try to build closer partnerships with vendors has been a primary goal of IT departments. Cloud computing creates some challenges here:

New Vendors: New vendors are leading this market, leading to new agreements, vendors and technology. It is important for customers to define a strategy with respect to cloud computing. Just as John Hancock (11) has defined vendors and architecture objectives for their cloud strategy, other organizations will benefit from such decisions by limiting the number of new vendors and agreements that they must support. This will help to improve investment returns by increasing leverage with vendors, reducing contractual complexity and maximizing investments in workforce training.

New Assets: Deployment of cloud assets and virtualized assets creates sprawl problems that can be difficult to manage. Although problems such as server sprawl, data sprawl and software sprawl may be lessened with the use of cloud technologies, new problems may emerge. The sprawl of virtual environments, cloud environments and cloud resources must be tracked and managed closely, just like other assets. Without close monitoring and control of such resources, costs may be difficult to control. This is because organizations will typically not retire or stop paying for cloud resources if they do not know what they are used for, or by whom. Security is also an important consideration in cloud asset management. Because cloud resources diminish the need for IT involvement, and empower business units to directly provision the resources that they need, there may be a lack of consistency and control over cloud resources. Virtual machines can be stored on personal drives, thus easily replicating entire environments that may be highly proprietary or sensitive. Further, without integrated or federated security with cloud service providers, password policies and other security policies can easily be ignored.

It is likely that cloud asset management will become an important topic as cloud sprawl begins to replace traditional IT asset sprawl.

11.2 Valuation

Valuations of the more successful cloud service providers are very high. Salesforce.com and Rackspace, for example, trade at very high multiples of their earnings and revenues (10). This is incongruent with the promise of the cloud, which is that it is a more affordable way to buy compute resources of all kinds. Waste is eliminated and customer costs increase only when there is a simultaneous increase in the demands on CSP infrastructure. This means that the variable costs (not to mention the fixed costs related to massive data center infrastructure) of CSPs are far greater than the variable costs of traditional software or infrastructure vendors. The reason that traditional software firms trade at higher earnings multiples than other types of businesses is that the variable costs of distributing software, once it has been created, are very low. This is not the case with cloud computing. Some IAAS and SAAS firms may still achieve earnings growth that warrants very high valuations, although due to the lower degree of operating leverage that is characteristic of CSPs this growth will be harder to achieve. Hardware and software vendors have traditionally offered many inducements to get customers to overbuy. This will be more difficult for CSPs, though, because avoiding overbuying is a primary reason that customers are moving to the cloud, and also because CSPs must mind their margins on every transaction.

It is important to distinguish between IAAS and SAAS here, however. Although variable costs grow in much the same way for both IAAS and SAAS, IAAS is much more of a commodity offering than SAAS. To remain competitive in a purely IAAS business, vendors will require a true low cost advantage delivered via proprietary technology and outstanding execution. The comparison of IAAS and SAAS is similar to the comparison of traditional hardware and software vendors, respectively. SAAS vendors will have more pricing power than IAAS vendors. Given these dynamics, the valuations of companies like Rackspace (Table 1) seem extremely high.

| Company | Revenue | P/E | Market Cap. | Operating Margin | Return on Equity |
|---|---|---|---|---|---|
| VMWare | 2.86B | 91.69 | 32B | 12.51% | 10.91% |
| Salesforce | 1.66B | 260 | 16B | 5.88% | 5.97% |
| Savvis | 933M | 98.58 | 2.02B | 2.86% | -27% |
| Microsoft | 66.69B | 10.58 | 208B | 40.45% | 44.35% |
| Rackspace | 780M | 110 | 4.93B | 10.2% | 11.76% |
| Oracle | 31.99B | 22.97 | 154.35B | 34% | 21.59% |

Table 3

As the cloud market matures, CSP margins will not be as rich as traditional software vendors and they will not trade at multiples that are as high as traditional software vendors.

11.3 Partnering for Service Delivery

Based on research that I have conducted, I expect that in the future customers will be able to order cloud services and resources from a variety of vendors through a single CSP that acts as a broker for various other CSPs. This broker will manage highly complex regulatory requirements, security policies, contracts, billing, administration, performance requirements, availability requirements and overall service levels across a variety of CSPs. Disparate resources will be provisioned in a consistent way and will work together with greater ease than today as a result of the adoption of standards. The composition of these CSP networks will be defined by support for various computing standards. It is likely that vendors with strong competence in data center management and operations will play the role of broker. Although much of what I describe is occurring today, there is still a lack of cooperation among vendors, a high level of vendor inflexibility with regard to service level agreements and little agreement among vendors on standards. Furthermore, tremendous improvement is needed with regard to service provisioning of cloud based services and resources, particularly across multiple vendors.

In a scenario such as the one described above, a CSP offering a variety of services will play a critical role in ensuring consistency among service levels and operations. The CSP will indemnify their customers from the risks of supporting multiple vendors and will provide added value as an abstraction layer across many complex and sophisticated services. The close operational relationships that exist between such a CSP, and other upstream CSPs, and the volume of business that is conducted between these organizations, will help to ensure improved service levels and competitive pricing. Risk Management will play an increasingly important role in IT.

Major as-a-service vendors such as Amazon and Salesforce.com currently offer almost no flexibility in their standard contracts or service levels (12). Given the number of customers that they support, and their need to scale, this is understandable. Also, the standard service levels and contractual terms that both vendors provide are quite attractive. Still, customers want vendor-partners (11). They want vendors with skin in the game that know their business and are committed to their success. Vendors such as Salesforce and Amazon cannot do this effectively while supporting hundreds of thousands of customers. They may be able to perform such services for their larger customers, but these two vendors still have a limited scope in terms of what they provide. This presents a valuable opportunity to those firms wishing to play the role of broker that can add value in terms of management, administration, billing and other services.

As technology and standards improve for integrating and managing services, an ever increasing number of technologies will be offered as services. This has implications for how services will be reused, built, consumed and rendered. It is an ongoing evolution of what began as mostly an administrative concept for shared services. Services in the cloud will be accessed through SOAP, REST or other APIs. There will be proxies and translators for these APIs to support nearly any device or interface including iPhone, iPad, BlackBerry, laptop, desktop, voice, events, RFID and many others. The cloud obscures providers and consumers and extends tentacles out to resources, devices and users of every kind, connecting them all.

11.4 Regulatory Landscape

It is likely that additional international standards will emerge with respect to data privacy and security. However, there will continue to be many unique federal, state and local laws that must also be complied with. This will continue to create challenges for CSPs wishing to expand internationally. It is likely that navigating international privacy and regulatory requirements will increasingly be used as a differentiator for CSPs and other technology vendors. As the rate of change in the cloud market continues to increase, governments and regulatory bodies will be increasingly unable to keep up. This will lead to innovation that is largely unproductive, and solely intended to exploit these inconsistencies. Opportunities for regulatory arbitrage are growing rapidly in the CSP market. Ultimately this will slow the pace of useful and productive innovation.

11.5 Speed of Change

Cloud is here to last not only because it saves organizations money but also because it makes them more responsive and agile. Business today is more competitive and changes faster than ever before. This is true in both the public and private sector. A 2010 survey of 1541 CEOs and senior business and public sector executives was conducted by IBM (30) and the results showed that "The vast majority of CEOs anticipate even greater complexity in the future, and more than half doubt their ability to manage it."

Cloud enables customers to respond to change like never before by quickly adding or removing compute resources and pulling together various services to quickly address a business need. Technical resources are brought closer to the business users and the role of IT is increasingly to act as program managers, vendor managers and stewards of technology policy and standards. As this trend continues and cloud tools and standards continue to evolve, the ability to easily create composite applications from multiple tiers of architecture will improve. Development cycles will shorten and cloud technology may come close to delivering what IT customers have imagined for many years, first with shared services, then distributed objects, web services and now finally anything-as-a-service. It is doubtful that cloud technology will soon enable us to graphically build applications and drag and drop resources from different vendors and CSPs into a single mashup, with graphical drag and drop integration across vendors from the same tool. Such a vision might also include integrated ordering, billing, invoicing and service level management across CSPs. Yes, it is doubtful that we will be there soon, but cloud architectures get us much closer than we have ever been.

11.6 Platforms Will Prevail

As mentioned previously, it will not be long before pure IAAS vendors cease to exist as independent entities. The margins are thin and the competition fierce. As with other technology wars, platforms will prevail. Vendors and solutions that are the most complete, that have the deepest stacks, will win.

Amazon will either move into the platform-as-a-service market or be marginalized as an as-a-service vendor. Their success in this market has been impressive, but they have not extended their first mover advantage significantly beyond IAAS offerings and are competing based on brand and on being the low cost provider. They do have good partnerships, but partnerships are fickle, and their partnerships are not unusually sticky ones in many cases. Amazon has a difficult position to defend.

Other as-a-service vendors will likely merge to create more complete platforms, or larger vendors such as Google, Microsoft, HP and IBM may acquire them for scale, or to complete their own platforms. Salesforce.com is extremely well positioned in both the PAAS and IAAS market and has an excellent opportunity to extend their lead. Given the success of AppExchange and Force.com, Salesforce has considerable momentum in the PAAS market. This success helps to drive their SAAS business because the tools and skills that customers use are the same for both offerings. The same is true in the opposite direction as well. There is a positive reinforcing dynamic at work that should continue to propel their business. Oracle is building a unique story around their appliance offerings. These appliances will enable Oracle's customers to offer SAAS to their customers, whether public or private. VMware has a commanding lead in the critical virtualization business, although the threats from Xen, embedded hypervisors and very low cost hypervisors are significant. VMware is innovating at an impressive pace, and leadership with technologies such as vCloud may yet warrant the high earnings multiples that VMware trades at. Microsoft and Google will play an important role in the do-it-yourself cloud shops that use either .NET or Java technology, respectively. The key for these two organizations is to capture the document management and cloud email business of their customers. Once they have this it will be considerably easier for them to grow their footprint by adding integrated SAAS or PAAS offerings and building on the data and the objects that are already part of their document and email services.

The cloud market is young enough, and is evolving quickly enough, that vendors that are yet unknown may still rocket to the top of the market with innovative technology and solutions. To stay at the top as an independent player, however, will require deep capabilities and broad appeal that is based on support for existing languages and technologies. Currently only Microsoft, Google and Salesforce.com are well positioned to command dominant positions in the PAAS market. Microsoft and Google will compete for the build business and are likely to do large volumes of business at relatively low margins. Salesforce.com is better positioned in the buy market for business applications and they should enjoy higher margins as a result, although they will also be competitive in the market for small business organizations that are comfortable with a build strategy.

REFERENCES
(1) Fenn, Jackie (1995-01-01). "Word Spy: hype cycle". When to Leap on the Hype Cycle. Gartner Group.
(2) Cloud Computing Explained, by John Rhoton, 2009
(3) The New Administration's Shared Services Opportunity, by John Marshall, July 2009
(4) Oracle web site, www.oracle.com, Feb 2011
(5) Mike Nelson, University of Georgetown Professor, speaking at World Future Society in Boston
(6) IDC Forecasts, Feb 08 2011, U.S. Public IT Cloud Services Revenue to Grow 21.6%
(7) Cloud Computing Set to Soar, IDC Predicts, Enterprise Systems, 06/29/2010, Stephen Swoyer
(8) IDC analyst blog, http://blogs.idc.com/ie/?p=224
(9) VMware and Cloud Computing, An Evolutionary Approach to an IT Revolution, VMware 2010
(10) finance.yahoo.com
(11) Customer interviews included: Liberty Mutual, John Hancock Financial, MegaPath Communication, Commonwealth of Massachusetts, State of Washington Department of Information Services, Staples, Seattle City Light and Starbucks
(12) Vendor interviews included: Moster.com, Salesforce.com, Microsoft, VMware, Parallels and SAP
(13) Cloud Security and Privacy, 2009: Tim Mather, Subra Kumaraswamy, Shahed Latif
(14) The Delta Model, Arnoldo Hax, Springer; December 14, 2009
(15) Behind the Cloud, Marc Benioff, Oct 19 2009
(16) Identity Federation in a Hybrid Cloud Computing Environment Solution Guide, Juniper Networks, 2009
(17) www.hp.com
(18) www.bmc.com
(19) www.mass.gov, Department of Administration and Finance
(20) www.duffonhospitalitylaw.com, Greg Duff, 05/28/2010
(21) apps.leg.wa.gov
(22) http://www.govtrack.us/congress/bill.xpd?bill=s111-1490
(23) Pioneer Institute | Agenda for Leadership 2002 | Pacheco Law
(24) Senate Funds Web Services, Cuts Cloud Computing, by Elizabeth Montalbano, InformationWeek, August 9, 2010
(25) Comcast vs FCC: In Battle For Net Neutrality, Did the Courts Hand Comcast a Pyrrhic Victory? By Stacey Higginbotham, Apr. 6, 2010
(26) http://blogs.forrester.com/stefan_ried/10-07-06informaticas_cloud_service_flying_under_radar_especially_european_customers, Forrester Analyst Stefan Ried, July 6 2010
(27) Virtualization, cloud standard on the fast track?, Wednesday, September 15, 2010, by Denise Dubie, http://www.networkperformancedaily.com
(28) http://www.apsstandard.org/
(29) www.eucalyptus.com
(30) Capitalizing on Complexity, IBM CEO Survey 2010, IBM Institute for Business Value
(31) http://blogs.barrons.com, Oracle: Exadata Exploding, Says Piper, Tiernan Ray, March 2011
