Gartner Cuadrant

This research note is restricted to the personal use of ebaron@taos.com.
Hype Cycle for Cloud Computing, 2018

Published: 31 July 2018 ID: G00340420
Analyst(s): David Smith, Ed Anderson
Cloud computing has reached the Slope of Enlightenment. The next waves
of technologies building on cloud are emerging and climbing to the Peak of
Inflated Expectations. This document outlines the cloud-related technologies
in use and those that will become the foundation for the future of
computing.
Table of Contents
Analysis.................................................................................................................................................. 3
What You Need to Know.................................................................................................................. 3
The Hype Cycle................................................................................................................................ 3
The Priority Matrix.............................................................................................................................5
Off the Hype Cycle........................................................................................................................... 6
On the Rise...................................................................................................................................... 7
Site Reliability Engineering (SRE).................................................................................................7
Blockchain PaaS........................................................................................................................ 9
Cloud to Edge Development Support....................................................................................... 10
Serverless PaaS....................................................................................................................... 11
Cloud Tethering........................................................................................................................ 13
Immutable Infrastructure........................................................................................................... 15
At the Peak.....................................................................................................................................17
Edge Computing...................................................................................................................... 17
Hyperscale Computing............................................................................................................. 18
Cloud Managed Services..........................................................................................................20
Cloud Service Expense Management....................................................................................... 21
Multicloud.................................................................................................................................23
Container Management............................................................................................................ 24
IoT Platform.............................................................................................................................. 26
Machine Learning..................................................................................................................... 28

Sliding Into the Trough.................................................................................................................... 30

API Economy............................................................................................................................30
Cloud-Native Application Architecture.......................................................................................32
Hybrid IT...................................................................................................................................33
Cloud Marketplaces..................................................................................................................35
Cloud Networking.....................................................................................................................37
Software-Defined Infrastructure................................................................................................ 39
Hybrid Cloud Computing.......................................................................................................... 39
Cloud Service Brokerage.......................................................................................................... 41
Cloudbursting........................................................................................................................... 43
Private Cloud Computing..........................................................................................................45
Cloud Management Platforms.................................................................................................. 47
Cloud Migration........................................................................................................................ 49
Integrated IaaS and PaaS......................................................................................................... 51
Cloud Center of Excellence.......................................................................................................53
Climbing the Slope......................................................................................................................... 54
Cloud Office..............................................................................................................................54
iPaaS........................................................................................................................................56
Private PaaS.............................................................................................................................58
Public Cloud Storage................................................................................................................60
SaaS Administrative ERP.......................................................................................................... 61
Application PaaS...................................................................................................................... 63
Cloud Computing..................................................................................................................... 65
Platform as a Service (PaaS)..................................................................................................... 66
Cloud-Testing Tools and Services............................................................................................. 68
Infrastructure as a Service (IaaS)............................................................................................... 69
Cloud Security Assessments.................................................................................................... 71
Entering the Plateau....................................................................................................................... 73
IaaS+........................................................................................................................................73
Software as a Service (SaaS).................................................................................................... 75
Appendixes.................................................................................................................................... 77
Hype Cycle Phases, Benefit Ratings and Maturity Levels.......................................................... 78
Gartner Recommended Reading.......................................................................................................... 79
List of Tables
Page 2 of 81 Gartner, Inc. | G00340420

Table 1. Hype Cycle Phases................................................................................................................. 78

Table 2. Benefit Ratings........................................................................................................................ 78
Table 3. Maturity Levels........................................................................................................................ 79
List of Figures
Figure 1. Hype Cycle for Cloud Computing, 2018...................................................................................5

Figure 2. Priority Matrix for Cloud Computing, 2018............................................................................... 6
Figure 3. Hype Cycle for Cloud Computing, 2017.................................................................................77
Analysis
What You Need to Know
Cloud computing hype continues to be high relative to other technologies, even though it is quite far
along in the Hype Cycle. Much of the cloud discussion has shifted from hype to inevitable
mainstream acceptance. The focus has shifted from the unrealistic promises that cloud will
transform everything and the pessimistic view that it didn't deliver, to a pragmatic approach that
views cloud as inevitable. The focus is now on how to do it well versus on whether to do it at all.
Most organizations are becoming increasingly grounded in the practical benefits and risks of cloud
computing. "Cloud first" is becoming a common description of enterprises' strategies, as cloud
adoption becomes mainstream (approaching "new normal" status), including support for production
applications and mission-critical operations. Cloud services are heavily favored for new application
development, particularly when organizations pursue digital business outcomes. Most vendor
innovations are in the cloud or at least cloud-inspired.
There are ever-increasing examples of organizations achieving cloud computing benefits across
different industries (including initially reluctant ones, such as finance and healthcare), organization
sizes and geographic regions. Understanding the landscape of cloud service offerings, technologies
and terminology is critical for organizations to establish viable cloud strategies and find success in
their use of cloud service offerings. This research profiles key cloud computing technologies and
concepts, and it provides guidance to IT leaders on how to leverage the growing capabilities of
cloud computing.
For more information about how peer I&O leaders view the technologies aligned with this Hype
Cycle, please see "Emerging Technology Roadmap 2017-2018 (Large Enterprise)."
The Hype Cycle

Cloud has moved beyond just disrupting IT to providing the underlying basis for most future digital
disruptions and future innovations. Cloud exists on a spectrum (see "Four Types of Cloud
Computing Define a Spectrum of Cloud Value") and enables the next-generation platforms upon
Gartner, Inc. | G00340420 Page 3 of 81

which new IT capabilities are being built. Cloud vendors and users alike continue to stake a claim in
cloud-generated growth opportunities. They sometimes exaggerate the capabilities of cloud
services and their contributions to the cloud value proposition (cloudwashing), as well as
misrepresent terminologies, such as "hybrid cloud," under the guise of pushing traditional on-
premises infrastructure and hardware.
As cloud computing becomes mainstream, many organizations find their IT environments include
public and some private cloud alongside traditional IT systems. Most organizations believe hybrid
scenarios will help address the challenges of these disparate environments. However,
disillusionment is increasing for technologies associated with building out private clouds (cloud
management platforms, private infrastructure as a service [IaaS] and private cloud itself), further
driving workloads to public clouds as organizations seek the full benefits of cloud computing. We
also see a few clusters of technologies appear on this Hype Cycle:
■ The next wave of cloud disruption (cloud-enabled platform services) delivering advanced
capability around artificial intelligence (AI), blockchain, Internet of Things (IoT) and so forth
■ The peak (serverless, multicloud and containers), where much of the excitement is around
specific approaches that are driving innovation
■ The trough (private cloud, cloudbursting and brokerage), where concepts that have generated
significant excitement in past years are struggling with implementation challenges
This Hype Cycle (see Figure 1) includes innovation profiles describing different cloud models and
deployment types, as well as the tools and services used to test, migrate, manage and secure cloud
environments. We outline key technology and market areas to watch for future opportunities,
particularly in cloud-based applications. Technologies to watch include container management,
serverless PaaS, cloud networking and cloud-native application architecture. Note that many of the
innovation profiles in this Hype Cycle are beyond the Peak of Inflated Expectations.
The Hype Cycle includes many new (and relatively new) innovation profiles. These include edge
computing, multicloud, machine learning, API economy and IoT platform. These are examples of
cloud becoming critical underpinnings of next-generation disruptions. As cloud enters its second
decade, it continues to evolve with new types of services and capabilities that make it the primary
model for a wider range of solutions. Cloud has become the default style for just about everything in
the future. If it is not cloud, it is legacy.
Organizations that are finding success in their use of cloud computing not only challenge cloud-
related hype, but also apply practical assessments of cloud capabilities to recognize the
organizations' desired outcomes. Pragmatism is critical when evaluating cloud services. When
applied to the right scenarios, with the right management and governance, organizations can find
success in realizing practical benefits, including increased agility, elasticity, scalability, innovation
and, in some cases, cost savings.

Figure 1. Hype Cycle for Cloud Computing, 2018
Source: Gartner (July 2018)
The Priority Matrix

Cloud computing is a set of dynamic, high-growth markets, which causes some cloud technologies
and concepts to move through the Hype Cycle at an accelerated rate (see Figure 2).
Transformational technologies and services, such as application PaaS (aPaaS), hybrid cloud
computing and PaaS, are realizing increasing usage, which are accelerating their adoption. We are
also seeing the rapid emerging industry of managed service providers offering professional services
and "cloud managed services."
Many cloud computing technologies and concepts are two to five years away from mainstream
adoption. IaaS has moved into mainstream adoption, followed closely by IaaS+ and aPaaS. New
technologies — including serverless PaaSs and edge computing — are building in hype and will
grow to become important technology foundations for future cloud solutions over the next two to
five years.
The relative impact of cloud and cloud-related technologies is high and often transformational.
Organizations building on a cloud foundation will embrace transformational change more quickly
and effectively than organizations bound to traditional IT environments.

Figure 2. Priority Matrix for Cloud Computing, 2018
Off the Hype Cycle

The market for cloud computing is dynamic, and changes occur rapidly. Cloud technologies and
offerings move steadily toward maturity with only a few becoming obsolete before reaching the
Plateau of Productivity. We endeavor to represent a broad view of cloud-related technologies and

concepts, which means the Hype Cycle goes through a regular cycle of update, consolidation and
focus.
In this 2018 update, we made the following notable changes:
■ Removed:
■ Database PaaS has matured beyond the scope of the Hype Cycle.
■ BPaaS has been removed.
■ Renamed:
■ Software-defined anything is replaced by software-defined infrastructure.
■ Added:
■ Cloud tethering
■ Cloud networking
On the Rise
Site Reliability Engineering (SRE)

Analysis By: Lydia Leong; Christopher Little; George Spafford
Definition: Site reliability engineering is a collection of systems and software engineering principles
used to build and operate resilient distributed systems at scale. An SRE team applies these
principles — usually in combination with DevOps and agile practices and tools — and applies them
to responsibilities such as risk management, release engineering, monitoring, self-healing, incident
management and problem management. An SRE team collaborates with developers to design,
build, and continuously improve systems that meet service-level objectives.
Position and Adoption Speed Justification: Site reliability engineering is a discipline originally
created by Google, and was described in the 2016 book, "Site Reliability Engineering: How Google
Runs Production Systems." It is gradually being adopted more widely, both by digital-native
organizations as well as traditional enterprises. SRE emphasizes the engineering disciplines that
lead to resilience, but individual organizations implement SRE in widely varying ways. Most SRE
implementations represent a mature form of DevOps.
SRE is intended to help manage the risks of rapid change, through the use of service-level
objectives (SLOs), "error budgets," monitoring (including the converging of monitoring and QA
testing), and automated rollback of changes. SRE teams are often involved in code review, looking
for problems that commonly lead to operational issues (for instance, an application that does not do
log cleanup and therefore may run out of storage), ensuring that the application comes with
appropriate monitoring and resilience mechanisms, and that the application meets DevSecOps
standards. SRE teams may also be responsible for incident management, and nearly all such teams
have a strong emphasis on problem management. A key SRE discipline involves root cause analysis

and prevention of future such problems through automation and continuous feedback loops. SRE
also emphasizes the virtue of simplicity, and the distinction between complexity that is essential to a
system's business function, and accidental complexity that should be addressed with better
engineering.
Because SRE requires an organization that is highly skilled at automation (and usually DevOps), has
adopted the principle of infrastructure as code (which usually requires a cloud platform), has
adopted resilient system engineering principles, and has applications with an agile life cycle that
employs continuous integration/continuous deployment (CI/CD), it is primarily something that is
adopted by highly sophisticated digital organizations, or is an end-state aspiration of enterprises
that are in the midst of digital transformation.
User Advice: Organizations can benefit from SRE principles even if they are not sufficiently mature,
agility-focused, or large enough to adopt SRE as a primary operations model. The SRE principles
for risk management, release engineering, handling service-level objectives, monitoring, automation,
and self-healing can be applied to a broader range of cloud-native and digital applications. SRE
also represents a useful end state of evolution for DevOps-driven operational transformations.
Finally, SRE can be a useful approach to frame the continuous improvement of operations across
the organization.
An SRE initiative should have an executive sponsor. The pilot project should have the following
characteristics:
■ The target application must change rapidly yet maintain high availability in order to maximize
business value. Stakeholders should be politically friendly.
■ The pilot must demonstrate sufficient value to improve credibility and support, yet also have an
acceptable level of risk, allowing the stakeholders to learn.
■ The initial SRE team must have a collaborative engineering mindset, strive to continuously learn
and improve, and desire to automate tasks to reduce repetitious manual work, which is known
as "toil." It is often easiest to move DevOps-skilled employees from different parts of the
organization, due to the relative difficulty of hiring engineers with SRE experience. A site
reliability engineer is typically a software engineer with an excellent understanding of
operations, or, less frequently, an infrastructure and operations engineer with strong
programming skills.
■ There must be clear SLOs that can be continuously monitored and reported against.
■ The application development team must collaborate with the SRE team to meet SLOs.
Developers are responsible for a resilient architecture and reliable code. SREs should not spend
more than 50% of their time on ad hoc operational activities. Any excess should go to the
developers for support.
The pilot should not be followed by a general "go live"; instead, iteration should be used to evolve
the state of SRE practices. The teams involved should share experiences and lessons learned.
Business Impact: SRE is primarily useful to fast-moving digital businesses, due to its emphasis on
the balance between the ability to change rapidly, and systems stability. The SRE approach to

DevOps is intended to produce systems that — despite frequent change, unpredictable customer
demand and global scale — are reliable, performant and secure. For such businesses, SRE may be
an essential discipline not just for achieving business objectives and maintaining operational
stability, but also for controlling costs by avoiding unnecessary manual operations, and freeing up
skilled personnel to work on value-added activities.
Benefit Rating: Moderate
Market Penetration: Less than 1% of target audience
Maturity: Emerging
Blockchain PaaS
Analysis By: Paul Vincent; Rajesh Kandaswamy; Yefim V. Natis
Definition: Blockchain platform as a service (bPaaS) is a set of blockchain software platform

services offered in the cloud by a vendor, for subscribers. Services can include some or all of the
distributed ledger, node or consensus mechanisms, and other ancillary services to manage a
network of distributed ledgers on the vendor's cloud infrastructure. Another term for these services
is blockchain as a service (BaaS).
Position and Adoption Speed Justification: bPaaS is a recent cloud service offering from
enterprise cloud vendors, such as IBM, Microsoft (Azure) and Oracle, and small technology startups
— such as BlockApps, BlockCypher and Wanxiang Blockchain Labs. Solutions in the market today
are in the early stages of development and adoption, and mostly used for performing proofs of
concept (POCs). Developers seeking to implement blockchain-based applications require specific
services that span compute, application, storage and network. The cloud vendors aim to combine
these services to provide enterprises with a one-stop service shop that brings the benefits of cloud
elasticity and compute costs to blockchain. Each bPaaS vendor attempts to add unique elements
around security, interoperability, analytics and performance, in order to differentiate their offerings, in
exchange for single-sourcing and centralization of public execution and ledger storage.
These offerings are new and we expect the field of competitors to grow over time. In many cases,
the cloud vendor's bPaaS supports one or a few blockchain platforms. Support for different
consensus mechanisms, tools, frameworks and smart contract capabilities remains limited and
continues to evolve. Interoperability for distributed ledgers across competing platforms or clouds is
nonexistent at this early stage of evolution. Yet, relying on one vendor for all nodes of the distributed
ledger negates some of the advantages of a using a distributed ledger in the first place. The core
value of a distributed ledger, which has fueled the hype and interest among many in the technology
industry, is to enable decentralized/distributed open-source applications that avoid reliance on just
one organization, server, data center or network. The initial versions of bPaaS trade this core value
for the convenience of vendor assistance, although this trade-off is expected to be addressed by
interoperability and standardization in the future.
bPaaS encompasses platform services only. Over time, however, we expect other blockchain-based
application and business services to become available in the cloud as blockchain SaaS.

Currently, the primary value of bPaaS is to "jump-start" the ability of enterprise developers to rapidly
set up an initial test system or prototype — as opposed to a truly decentralized production system.
Because bPaaS is dependent on a restricted perspective of blockchain, and is also affected by
blockchain's immaturity, it remains "on the ramp" toward the Peak of Inflated Expectations.
User Advice: Current bPaaS offerings can help jump-start your POCs, smaller projects or your
experiments with blockchain technologies, as long as you are comfortable with limiting your
experience to what bPaaS can provide. As blockchain technologies and bPaaS offerings evolve, we
expect a wider range of options to be available — additional services and increased interoperability.
Be aware that cloud providers support a limited set of platforms, yet the overall landscape of
choices is large and rapidly evolving. Enterprises that avail themselves of PaaS services might
consider the same vendor's bPaaS services. There are more than 100 blockchain platform choices,
but cloud vendors currently support less than 10% of them.
Every blockchain platform will undergo major changes during the next two to five years, rendering
any choice effectively obsolete within 24 months. Enterprises should therefore avoid commitments
to bPaaS for mission-critical initiatives until greater maturity occurs and platforms and services are
interoperable across heterogeneous environments. Understand all aspects of the blockchain
technologies you will need, and ensure they can be supported on the bPaaS offering of interest. Be
extra cautious in your bPaaS decision when managing initiatives that involve multiple organizations.
Business Impact: bPaaS will be attractive for enterprises for initial limited-scale experiments and
POCs. Among the various types of blockchain projects, internal ones will be more suitable for such
services compared with projects that span multiple entities where all parties need to agree on a
common bPaaS. bPaaS offerings will need to evolve for better interoperability. If they evolve to
support enterprise needs and full blockchain characteristics, they will be become an option that
enterprises should evaluate as they plan infrastructure for their blockchain projects.
Maturity: Emerging
Sample Vendors: Amazon Web Services; BlockCypher; Blockdaemon; IBM; Microsoft (Azure);
Oracle; Wanxiang Blockchain Labs
Recommended Reading: "Market Guide for Blockchain Platforms"
"The Evolving Landscape of Blockchain Technology Platforms"
Cloud to Edge Development Support

Analysis By: Bob Gill
Definition: Cloud to edge development support describes the extension of hyperscale cloud
providers' programming models, SDKs and in some cases, OS types for development and use on
edge devices, such as IoT "things" and single board development platforms.

Position and Adoption Speed Justification: While hyperscale cloud providers have exposed such
capabilities for several years, the widespread availability and rapid adoption of these services on
broadly supported devices such as Raspberry Pi, DragonBoard and others, along with a major
marketing and investment push, has brought these platforms to the forefront. Just as edge
computing and IoT continue to advance on the Hype Cycle, cloud-to-edge capabilities provide an
additional boost with the technology investment of the hyperscalers, adding momentum.
User Advice: We recommend enterprises evaluate the capabilities (and gaps) of the leading
hyperscale providers cloud-to-edge offerings, and factor in the likelihood of very decentralized
cloud solutions to augment the current centralized model. While cloud as a style of computing has
never mandated centralization, the economies of hyperscale and the centralized deployments of
massive compute regions has prepared for a "cloud as centralized" status quo. By extending their
models to the absolute edge, the status quo may be overturned.
Business Impact: By extending their platform reach to the edge, hyperscale providers allow
development and deployment of integrated solutions across the gap between centralized and
distributed models. While such capabilities may be targeted toward integrators and service
providers, technically aggressive enterprises may experiment to gauge their capabilities to extend
the centralized cloud compute model. Such SDK and OS pairings provide one solution to the thorny
development issues of providing security, orchestration and directory services for potentially
millions of endpoint devices. These offerings also provide the hyperscale cloud providers a
mechanism for augmenting their to-date-centralized compute models, allowing for more real-time
capabilities, including to devices, people and things with intermittent communications links.
Whether the average enterprise actively develops such applications itself is not as important; the
demonstration of extended cloud capabilities and availability of useful products will drive both cloud
and edge services further into broad use.
Benefit Rating: High
Market Penetration: 1% to 5% of target audience
Maturity: Emerging
Sample Vendors: AWS; Google; Microsoft
Serverless PaaS
Analysis By: Yefim V. Natis; Anne Thomas
Definition: A PaaS offering delivered with serverless characteristics is serverless PaaS. Serverless
is a way of delivering an IT service where the underlying resources are opaque, require no
preprovisioning, and are micropriced. Function PaaS (fPaaS) is the most notable example of a
serverless PaaS that layers additional constraints (event-driven triggering and limited execution time
and memory), and not a part of other serverless PaaS like databases, API managers or event
brokers.

Position and Adoption Speed Justification: Serverless delivery of IT services has gained broad
notice after Amazon popularized its AWS Lambda function platform as a service (fPaaS). Although
some associate the notion of serverless exclusively with fPaaS, the significance of serverless, as
delivered by the leading vendors (including Amazon, Google and Microsoft), extends beyond
functions. All PaaS capabilities can be delivered with serverless characteristics; of which some are
already and most will in the future. Serverless PaaS will augment, and in some cases replace, the
traditional transparent model of delivery, such as the model of Salesforce (Heroku), AWS Elastic
Beanstalk or IBM Cloud Liberty for Java.
Serverless PaaS can be achieved on-premises by the way of first establishing the true private cloud
and then deploying one of the now-emerging open-source serverless frameworks, like Pivotal
Function Service. In that case — the provider part of the organization deals with the enabling and
only the subscribing part of the organization gets the serverless experience. Public or private,
serverless effect can only be delivered by a cloud service that conceals and manages underlying
server and container operations.
As the full scope of serverless delivery of PaaS capabilities rolls out, the definition will likely be
refined — relaxed in some aspects and possibly further constrained in others. For example, future
serverless PaaS will support optional preprovisioning and autoscaling, offering lower costs to the
applications with steady and predictable demand for resources (Azure Functions support it already);
support for stateful operation will likely also be adopted (the serverless dbPaaS, like Amazon
DynamoDB, of course, are stateful already). Future serverless PaaS will likely also support
multidimensional SLAs related to performance and throughput, auto-adjusting of memory and CPU,
AI-driven runtimes and execution. The current market dynamic already reflects these trends.
Adoption of fPaaS is rapidly increasing new business applications, in new vendor renditions of
fPaaS (including most recently Oracle, Pivotal and Red Hat) and the emergence of several open-
source serverless programming frameworks and platforms (including OpenFaaS, Fission, Kubeless
and Apache OpenWhisk).
The principles of serverless are also increasingly applied beyond just the fPaaS or public cloud —
other cloud services from various providers are delivered serverless, including databases (Cosmos
DB FaunaDB, Amazon DynamoDB), API managers (Amazon API Gateway and Azure API
Management), message and event brokers (Google Cloud Pub/Sub, Azure Event Grid) and other
specialized xPaaS. fPaaS operational experience will become the foundation for the more general
serverless PaaS. As fPaaS evolves beyond hype — through the inevitable disappointments and
toward the Plateau of Productivity — serverless PaaS will follow, building on the fPaaS lessons
learned, but also creating its own hype and disappointments before maturity. The market interest in
"serverless" beyond just the fPaaS is bound to continue to increase, as fPaaS matures and its
benefits become increasingly attractive.
User Advice: Application leaders, CIOs, CTOs, IT leaders and planners should:
■ Use fPaaS offerings as representative of serverless PaaS to build in-house understanding of the
trade-offs of the new platform delivery model, but with clear understanding that some of the
constraints on design of functions (such as the event-driven model or duration of execution) are
not attributes of the general serverless model. fPaaS is a special purpose example, but not the
definition of serverless.

■ When selecting platforms for cloud-native initiatives, look for platform services that closely
approximate or match the serverless delivery model to achieve improved productivity, cost-
efficiency and consistency of outcomes, but ensure that the cost implications and design
constraints are not a counter-indication.
■ Avoid the serverless model if the project requires advanced and direct forms of control over
application infrastructure operations, or where cost estimates are excessive.
■ Make the cloud platform selections with an effort to minimize vendor or service lock-in; increase
investment in integration technology and practices — because ongoing innovations, including
the increasing adoption of serverless delivery model, will continue to compel you to consider
alternative options in platforms and vendors.
Business Impact: Serverless PaaS represents the true cloud-style operations for cloud platform
services. Adoption of a serverless PaaS delivery model will increase productivity and efficiency of
PaaS, and help to streamline development, scale operations and reduce infrastructure costs. It will
create a more consistent and manageable environment for cloud applications, but the
improvements will require adjustments in the practices and strategies of planning, designing and
operating the PaaS-based solutions. The adjustments, in turn, will render some current cloud
applications new legacy and will require some new training and tooling. Ultimately, the business
experience of the "serverless IT" will feature increased scalability, reduced costs and faster times to
market for IT-supported business initiatives.
Maturity: Emerging
Sample Vendors: Amazon Web Services; Google; IBM; Microsoft; Oracle; Pivotal; Red Hat
Recommended Reading: "The Key Trends in PaaS, 2018"
"Leverage Serverless Functions With Event-Driven Architecture to Create New Business Value"
"Innovation Insight for Serverless PaaS"
"Adding Serverless Computing and fPaaS to Your Cloud-Native Architecture Toolbox"
"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2016"
Cloud Tethering
Analysis By: Jay Heiser
Definition: Cloud tethering is an application delivery model in which a device-based application is

linked to the provider's cloud service for licensing. The provider gains greater confidence that

licensing rules are followed, while customers benefit from access to new features and updates
enabled through the cloud.
Position and Adoption Speed Justification: The success of "thick" applications on smartphones
and tablets has provided inspiration for software vendors to replace their traditional packaged
desktop application approach of a serialized licensing model with a one-time installation process.
Arguably, the phenomenon is relatively mature on Android and iOS devices, but it is much less
prevalent with PC applications. The advantages are compelling, though. Tethering desktop
applications to the vendor's cloud, which automatically updates the desktop software (as long as a
credit card number is still on file), offers the potential for a near-continuous deployment of updates
and fixes, and it meets vendor business goals for cash flow.
To make cloud tethering more appealing to consumers, and to create a dependency on continued
use of the application, application providers have explored a variety of cloud-based augmentations
to the desktop "client," including cloud storage and collaboration, cloud processing and internet
searching. As desktop computer usage continues to decline in favor of a mix of endpoints, including
tablets, phones and web browsers, cloud-tethered applications provide the user with a single view
of their application and its data, no matter what edge device they happen to be using.
User Advice: For the most part, consumers will have no ability to choose whether or not to use a
cloud-tethered application, and vendors that are still offering a traditional licensing model to
enterprises are learning that they likely will not need to do so in the long term. At this point, the
ability to choose between the old and new model is rapidly declining. Procurement professionals
will be increasingly challenged to negotiate with software vendors that would prefer a totally
automated sales model.
Cloud tethering changes the licensing model, significantly reducing licensing violations. The
relatively low cost of a single seat, and the use of credit-card-enabled subscriptions, means that the
emphasis of IT staff responsible for software asset management is shifting from compliance
management, financial and even performance management.
The value-add mechanisms and especially the multidevice convenience enabled by cloud-tethering
are encouraging greater use and variety of SaaS, which over time increases the business demand
for SaaS integration or customization. The ability to support a variety of different thick and thin
clients adds further complexity to the SaaS applications. Decisions to use a new SaaS app, or to
introduce a new use case, should evaluate the "agility risk" — the degree to which some future form
of enterprise value-add may be undesirably difficult or impossible.
The seamless mixing of end-user devices inherent in cloud-tethered offerings makes it extremely
difficult to prevent proprietary or regulated data from flowing from the enterprise through personal
devices out to unauthorized people, home PCs or unsanctioned cloud-based collaboration.
Organizations that are heavily motivated to control sensitive data should consider the use of cloud
access security broker (CASB) tools to track or block data flow. A small number of SaaS
collaboration applications provide encryption mechanisms, including information rights
management, which can prevent access to data by unauthorized people.

In many cases, the vendor's cloud is the primary or exclusive storage location. Cloud tethering
increases the urgency associated with SaaS vendor risk management and cloud contingency
planning. The vendors are aware that not all of their customers are permanently tethered to the
internet, and have engineered some "statelessness" into their applications, but poor performance
and even complete failure can occur when endpoints do not have broadband access.
Maintain a registry of SaaS in use to ensure that the risks associated with the above considerations
are recognized, managed and, if necessary, eliminated.
Business Impact: Software tethering represents yet another reduction in IT's ability to control the
use of digital assets. It is one of several aspects of public cloud computing that is reducing the need
to perform many of the routine tasks traditionally performed by the IT staff, while creating needs for
new forms of control and digital optimization. For the most part, the enhanced functionality enabled
through an intimate relationship with the public cloud will provide capabilities that the individual and
business department welcome.
Maturity: Adolescent
Sample Vendors: Adobe; Box; Concur Technologies; Dropbox; LinkedIn; Microsoft
Immutable Infrastructure
Analysis By: Lydia Leong
Definition: Immutable infrastructure is an architectural pattern in which the system and application
infrastructure, once instantiated, is never updated in-place. Instead, when changes are required, the
infrastructure is simply replaced. Immutable infrastructure could encompass the entire application
stack, in-versioned templates provisioned using API-enabled infrastructure capabilities, which are
most commonly available in cloud infrastructure as a service (IaaS) or platform as a service (PaaS).
Position and Adoption Speed Justification: Immutable infrastructure is typically used by

organizations that take a DevOps approach to managing cloud IaaS or PaaS; however, it can be
used in any environment that supports "infrastructure as code." It represents a significant change in
process for traditional infrastructure and operations (I&O) organizations. It may be instantiated using
native cloud capabilities, such as Amazon Web Services' CloudFormation or Microsoft Azure's
Resource Manager templates; cloud management platforms (CMPs), such as RightScale; software
tools, such as HashiCorp's Terraform; or the customer's own automation scripts.
Some or all of an application stack will be instantiated, often in the form of virtual machine (VM)
images combined with continuous configuration automation (CCA) tools — such as Ansible, Chef or
Puppet — that run after the initial boot of the VM. However, in environments that use OS containers,
containers may be quickly replaced, whereas VMs remain constant. Containers improve the

practicality of implementing immutable infrastructure and will drive greater adoption in cloud, as well
as noncloud, environments.
User Advice: Immutable infrastructure is used to ensure that system and application infrastructure
is accurately deployed and remains in a known-good-configuration state. It can simplify change
management, support faster and safer upgrades, reduce operational errors, improve security, and
simplify troubleshooting. It can also enable rapid replication of environments for disaster recovery,
geographic redundancy or testing.
The application stack for immutable infrastructure is typically composed of layered components,
each of which should be independently versioned and replaceable. The base OS for the stack may
be updated using traditional patching tools, or automatically or manually updated. Automation is
then used to bundle components into artifacts suitable for atomic deployment — for example, a tool
such as HashiCorp's Packer may be used to create VM images, or Docker may be used to manage
container images. However, immutable infrastructure typically consists of more than just compute
infrastructure. Storage, network and other resources are also provisioned as part of the atomic
deployment. The scripts, recipes, and other code used for this purpose should be treated similarly
to the application source code itself; this requires appropriate software engineering discipline.
Some organizations that use immutable infrastructure will reprovision only when a change is made,
whereas others automatically refresh the infrastructure at frequent intervals to eliminate
configuration drift or the possibility of advanced persistent threats. Frequent refresh is only practical
in environments with fast and reliable provisioning; thus, it benefits strongly from containers.
The use of immutable infrastructure requires strict operational discipline. IT administrators should
eliminate the habit of making one-off or ad hoc modifications in order to avoid configuration drift.
Updates must be made to the individual components, versioned in a source-code-control
repository, then redeployed so that everything is entirely consistent. No software, including the OS,
is ever patched "live." Organizations that use immutable infrastructure may turn off all normal
administrative access to instantiated compute resources — for example, not permitting Secure Shell
(SSH) or Remote Desktop Protocol (RDP) access. IT leaders should set a hard date for when all new
workloads will use immutable infrastructure if technically feasible; deadlines can be effective
motivators of behavior change.
Business Impact: DevOps-oriented organizations that can instantiate infrastructure via automation
— typically, in cloud IaaS, PaaS or container services — should strongly consider using immutable
infrastructure for continuous delivery environments. It is even more vital for continuous deployment
environments. Organizations with high-security or regulatory compliance needs should also strongly
consider adopting immutable infrastructure in order to continuously maintain consistent, compliant
configurations without traditional patch management. Broadly, most organizations with
environments that support "infrastructure as code" may be able to benefit from immutable
infrastructure. IT organizations that adopt immutable infrastructure must adapt their application life
cycle and operational processes around this architectural pattern. The success of immutable
infrastructure depends on having the operational discipline to ensure that the infrastructure is truly
immutable and disposable.

Sample Vendors: Amazon Web Services; Fugue; HashiCorp; Microsoft; RightScale
Recommended Reading: "How to Make Cloud IaaS Workloads More Secure Than Your Own Data
Center"
"Security Considerations and Best Practices for Securing Containers"
"Comparing Three Approaches to Modern Server Automation, From Scripting to DevOps Tools"
At the Peak
Edge Computing
Analysis By: Bob Gill; Philip Dawson
Definition: Edge computing describes a distributed computing topology where information

processing is placed close to the things or people that produce and/or consume that information.
Drawing from the concepts of mesh networking and distributed data centers, edge computing looks
to keep traffic and processing local and off the center of the network. The goals are to reduce
latency, reduce unnecessary traffic, and establish a hub for interconnection between interested
peers and for data thinning of complex media types or computational loads.
Position and Adoption Speed Justification: Most of the technology for creating the physical
infrastructure of edge data centers is readily available, but widespread application of the topology
and explicit application and networking architectures are not yet common outside of vertical
applications such as retail and manufacturing. As IoT demand and use cases proliferate, the
acceptance of edge computing as the topological design pattern (namely the "where" a "thing" is
placed in an overall architecture) has dramatically increased interest in edge. Systems and
networking management platforms will need to be stretched to include edge locations and edge-
function-specific technologies such as data thinning, video compression and analysis.
User Advice: We urge enterprises to begin considering edge design patterns in their medium- to
longer-term infrastructure architectures. Immediate actions might include simple trials using
colocation and edge-specific networking capabilities or simply placing remote-location or branch
office compute functions in a standardized enclosure (e.g., "data center in a box"). Some
applications, such as client-facing web properties and branch office solutions, will be simpler to
integrate and deploy, while data thinning and cloud interconnection will take more planning and
experimentation to get right. We are beginning to see viable offerings from the hyperscale cloud
providers in extending their programming models and management systems to edge-located
devices, complementing their mostly centralized computing model with a distributed analog.

Business Impact: Edge computing solves many pressing issues such as unacceptable latency and
bandwidth limitations given a massive increase in edge-located data. The edge computing topology
will enable the specifics of IoT, digital business and IT solutions uniquely well in the near future.
Benefit Rating: Transformational
Sample Vendors: Amazon; Apple; Google; Microsoft
Recommended Reading: "Digital Business Will Push Infrastructures to the Edge"
"Top 10 Strategic Technology Trends for 2018: Cloud to the Edge"
"The Edge Manifesto: Digital Business, Rich Media, Latency Sensitivity and the Use of Distributed
Data Centers"
Hyperscale Computing
Definition: Hyperscale computing is a set of architectural patterns for delivering scale-out IT

capabilities at massive, industrialized scale. These patterns span all layers of the delivery of IT
capabilities — data center facilities, hardware and system infrastructure, application infrastructure,
and applications. Nonhyperscale components can be layered on top of hyperscale components, but
the overall architecture is only "hyperscale" through the level where all components use a
hyperscale architecture.
Position and Adoption Speed Justification: Hyperscale computing is a radically transformational

architecture and IT management style that demands new skills but can offer excellent economies of
scale. A full hyperscale application stack consists of components that must facilitate scaling on
demand, as well as the elimination of human labor for management, in favor of automation,
including:
■ A massive data center designed to house scale-out hardware.

■ Hyperscale servers — traditionally, x86-based servers with minimalist designs and no hardware
redundancy, which are used to deliver compute capacity along with software-defined storage
and network capabilities. These servers are often custom-engineered, although vendors have
begun to sell servers based on standard designs such as the Open Compute Project or Project
Scorpio (in Asia).
■ Optionally, hypervisor-based virtualization (typically open-source-based, such as KVM or Xen),
or "off-box" virtualization (typically using a PCI Express card).
■ An infrastructure management plane that performs resource management.

■ A minimalist OS such as Red Hat Enterprise Linux Atomic Host or Microsoft Nano Server; a
purpose-built OS such as Cumulus Linux (used for network switches); or a standard OS
reduced to the essentials.
■ Optionally, OS containers with container management and orchestration.
■ Scale-out application infrastructure, architected for resilience to failure at lower levels of the
stack.
■ The scale-out application, architected for resilience to failure at any level of the stack, including
failure of other application components. The application is likely to be decomposed into
microservices.
Each of these architectural patterns exists at different levels of maturity. It is rare for organizations to
have fully implemented hyperscale computing; few have the scale of infrastructure consumption or
the extensive software engineering skills needed to cost-effectively implement all the custom
management software necessary. Thus it is almost solely the domain of companies such as
Facebook, Google, Baidu and Tencent. However, hyperscale cloud services such as Amazon Web
Services, Microsoft Azure and Alibaba Cloud have made many such capabilities available to IT
buyers, who may use these services to deploy nonhyperscale or hyperscale applications.
User Advice: Only the most technologically capable early adopters should consider fully
implementing hyperscale computing themselves, and should only consider the purchase of
hyperscale servers for massive-scale, horizontally scalable applications where all resilience can be
provided by the software. HPC applications may be a good first target.
However, nearly all IT organizations can benefit from the use of hyperscale cloud services.
Hyperscale cloud IaaS uses hyperscale architectures at the management plane level and below for
VM-based IaaS, or at the container level and below for container-based IaaS. Providers may also
offer hyperscale PaaS layer services, which use hyperscale architectures at the application
infrastructure level and below. Customers must write scale-out applications to take full advantage of
these capabilities, but even nonhyperscale applications can benefit from the cost efficiencies of the
underlying hyperscale infrastructure.
IT organizations may also benefit from hyperscale-derived architectural patterns at particular layers,
since these patterns often represent best practices for scalability at each of those layers. Web-scale
IT derives its inspiration from hyperscale architectural patterns and should be considered as a
practical alternative.
Business Impact: Hyperscale computing has the potential to dramatically lower the total cost of
ownership (TCO) of infrastructure and applications. However, much of this TCO reduction is due to
the purpose-built nature of most hyperscale architectures, which are usually highly tailored to run a
small number of applications or specific application patterns. The broader the workloads that must
be supported, the lower the potential cost savings. In the near term, most organizations will not
implement hyperscale computing themselves, but instead will use hyperscale cloud services.

Sample Vendors: Amazon Web Services; Cumulus Networks; Facebook; Google; Quanta
Computer; Supermicro
Recommended Reading: "Bringing Hyperscale Computing to the Enterprise"
Cloud Managed Services

Analysis By: Craig Lowery; Ed Anderson
Definition: Cloud managed services are IT service offerings that provide for the day-to-day
management of and operational responsibility for cloud service environments. Cloud managed
services generally include day-to-day monitoring and management of cloud service environments
including configuration management, performance management, cost optimization, security and
compliance monitoring, capacity management, financial management and governance. Cloud
services brokerage is often delivered as a cloud managed service.
Position and Adoption Speed Justification: Cloud managed services can meet many of the needs
of organizations today. However, providers have varying levels of capability based on the specific
technologies and personnel roles they use to deliver their services. The use of automation in the
delivery of cloud managed services is a significant differentiator. Like end-user organizations,
providers are faced with the challenges of sourcing tools and developing a skilled workforce to meet
the demands of a growing, volatile market. Cloud service providers also typically provide
consultative and implementation (professional) services, again with varying degrees of capability
across providers.
Demand for cloud managed services will continue to increase as organizations move from simple to
more complex cloud use cases, often involving hybrid cloud solutions. Strong cloud managed
services providers will demonstrate cloud capabilities aligned with hyperscale IaaS+PaaS providers
and will embrace new technology innovations such as artificial intelligence, automation, data
services, IoT and edge computing.
User Advice: Organizations considering cloud managed service offerings must carefully assess
providers to ensure the provider has sufficient current expertise and a track record of success.
Providers typically offer cloud-related IT service offerings across the adoption spectrum from
advisory services (design), implementation services (build) and managed services (run). Look for
providers with capabilities across this continuum and a defined product roadmap. These attributes
are present in the providers that are most likely to have a full understanding of cloud-specific
requirements and therefore the most complete cloud professional and managed service capabilities.
Other factors to consider:
■ Demonstrable partnerships with leading cloud providers, including partner status in cloud
provider partner programs

■ Proven expertise and commitment to long-term support of your strategic cloud provider(s)
■ Certifications held by individual engineers, operators and deployment managers
■ Customer use cases demonstrating successful delivery of managed service offerings
■ Expertise in the industry, region and country associated with the target environment
■ Demonstration of innovation in delivering new capabilities beyond cloud
■ Integration of noncloud capabilities in an end-to-end visibility and management scheme
■ Investment in cloud and digital technologies consistent with market trends, such as multicloud
management and hybrid cloud computing
Selecting a cloud managed services provider may create a dependency on the provider that can be
difficult to sever in the event the provider cannot successfully deliver the offering. Perform a careful
and thorough inspection of the services prior to making long-term commitments.
Business Impact: Cloud managed services can fill a critical function in managing and operating a
cloud service environment. When coupled with innovation, cloud managed services can help an
organization exploit the full capabilities of the cloud for near- and long-term benefits. Most
organizations will engage cloud managed services to assist with the immediate challenges of
running a complex cloud environment, usually after assisting with a mass migration from an on-
premises facility. In this case, the organization will recognize only moderate benefits. However, when
organizations work with their providers to unlock the uniquely disruptive potential possibilities of
cloud and engage in more innovative, digital processes, the outcomes can be transformative and
return far greater value for the organization on its cloud computing investment.
Sample Vendors: 2nd Watch; Accenture; Allcloud; Cloudnexa; Cloudreach; Deloitte; DXC;
Rackspace; Tata Consultancy Services
Recommended Reading: "Magic Quadrant for Public Cloud Infrastructure Managed Service
Providers, Worldwide"
"Critical Capabilities for Public Cloud Infrastructure Managed Service Providers, Worldwide"
"Use Managed and Professional Services to Improve Cloud Operations for Digital Business"
Cloud Service Expense Management

Analysis By: Dennis Smith

Definition: Cloud service expense management (CSEM) is the practice of reviewing and reconciling
the charges for services provided by external cloud service providers (CSPs). A set of vendors
provide tools to answer questions such as, "Did you get what you paid for?" and "Are you paying
for the right things?" Managing cloud expenses is becoming increasingly important, because, as
organizations increase the number of cloud services they use, many don't understand their external
cloud consumption and the associated expenses.
Position and Adoption Speed Justification: The need to provide cost management within cloud
deployments has become prominent as investment in public cloud resources grows and the need
for expense transparency also increases. Organizational maturity regarding CSEM continues to lag.
The energy associated with using external cloud resources has outpaced efforts to gain a deeper
view of expenses.
There is increased industry awareness of the need for this functionality as public cloud adoption has
increased. Many vendors that initially provided CSEM functionality are now combining this with
related functionality such as governance and/or cloud workload optimization. Initially, cloud
management platforms (CMPs) did not address CSEM, but recently more CMPs have added the
functionality. Additionally a number of stand-alone CSEM vendors have been acquired with their
capabilities being integrated with other capabilities provided by the acquiring company (often
workload optimization and governance).
User Advice: IT leaders need a strong understanding of their external cloud expenses. They should
deploy processes and tools to:
■ Determine who in the organization is spending money on cloud resources.

■ Ascertain whether they've gotten what they paid for — to gain an understanding of the expense,
IT leaders need to know whether they received the appropriate services associated with the
expenditure.
■ Obtain the best value possible — IT leaders need to track the services they need against the
expenses incurred, and to determine whether there are more efficient ways of obtaining the
same required services.
■ Evaluate usage for what was contracted — overprovisioning can be costly, so IT leaders need
to identify whether they're using the services for which they've paid.
■ Align expenses to needs — IT leaders need to be able to interrogate the expenses incurred and
to determine whether they're being properly applied to real imperatives.
If you are looking to select or have deployed a CMP tool, look to see what CSEM capabilities are
provided.
Do not accept your service provider's invoice at face value. Even if it's accurate, you can probably
identify potential expense reductions or invest in more processing power for applications or services
that create additional business value.
Business Impact: CSEM has the potential to affect business services and processes across all
verticals. This involves the ability to compare costs, identify waste and create more-efficient

spending opportunities. Treating public cloud resources in a businesslike manner — optimizing

resource unitization and managing spending — will enhance IT's credibility by delivering business
value in terms that business leaders understand.
Sample Vendors: Cloudability; CloudCheckr; CloudHealth Technologies; RightScale
Recommended Reading: "How to Budget, Track and Reduce Public Cloud Spending"
"Market Guide for Cloud Management Platforms"
"Key Concepts in IT Financial Management: Budgeting, Funding, Transparency and Allocation"
"Innovation Insight for Cloud Service Expense Management Tools"
Multicloud
Analysis By: David Mitchell Smith
Definition: Multicloud computing refers to the use of cloud services from multiple public cloud
providers for the same purpose. It is a special case of hybrid cloud computing, which is a broader
term.
Hybrid cloud refers to multiple cloud services from multiple providers. It does not specify the origin
of those services, but in most cases a public source and a private source are involved. Hybrid
cloud, as a broad term, is subject to more hype and confusion and is more common.
Position and Adoption Speed Justification: Multicloud computing can be planned or can evolve
due to multiple groups in an organization making decisions to procure multiple services from
different providers. An example of this is when multiple cloud providers are used as part of a high
availability or redundancy or exit strategy in a planned manner. Multicloud is much more common in
IaaS (and converged IaaS/PaaS) scenarios than SaaS. While it is possible for multi-SaaS
environments in an organization, these would typically be stovepiped types of situations. Multicloud
does not include very common situations such as using Amazon Web Services (AWS) for IaaS and
Microsoft Office 365 for cloud office SaaS.
Multicloud computing can provide advantages of lowering the risk of cloud provider lock-in, can
specify functional requirements that a business unit may have, and can provide service resiliency
and migration opportunities, in addition to the core cloud benefits of agility, scalability and elasticity.
As with many cloud-related concepts, there are many variations in real-world use and scope. In this
case, there are "multicloud strategies" that entail the various goals (e.g., exit strategy, portability,

use of multiple providers — but don't specify details) and "multicloud solutions" (which rely on
architectural principles and specific implementation details).
User Advice: When using multiple cloud computing services, establish security, management,
governance guidelines and standards to manage cloud service sprawl and increasing cost, and
develop decision criteria to decide placement of services. Multicloud implementations will need
coordination and strategy across the enterprise to identify the type of services needed and deliver
the benefits of a cloud environment. IT organizations will also need training, skilled engineers, and
be prepared for the additional expense. Use of a cloud management platform (CMP) and/or a cloud
service brokerage (CSB) in a multicloud environment can enable organizations to implement
governance and optimizations, but care must be taken to not just shift vendor lock-in to a CMP or
CSB vendor.
Business Impact: Multicloud provides an organization with agility and the potential of some target
cost optimization opportunities. It also provides a basis to lower cloud provider lock-in and increase
workload migration opportunity.
Sample Vendors: Amazon; Google; IBM; Microsoft; Oracle
Recommended Reading: "A Guidance Framework for Architecting Portable Cloud and Multicloud
Applications"
"Hybrid Architectures for Cloud Computing"
Container Management
Analysis By: Dennis Smith; Arun Chandrasekaran
Definition: Container management software supports the management of containers at scale in

production environments. This category of software includes container runtimes, container
orchestration, job scheduling, resource management and other container management capabilities.
Container management software brokers the communication between continuous integration/
continuous deployment (CI/CD) pipeline and the infrastructure via APIs and aid in life cycle
management of containers.
Position and Adoption Speed Justification: Interest in containers is rising sharply, due to the
introduction of container runtimes, which have introduced common container packaging formats
that are more easily consumable by, and useful to, application developers and those with a DevOps
approach to IT operations. Container runtimes, frameworks and other management software have
increased the utility of containers by providing capabilities such as packaging, placement and
deployment, and fault tolerance (e.g., cluster of nodes running the application). Container
management software integrates these various elements to simplify deploying containers at scale.

Many vendors enable the management capabilities across hybrid cloud or multicloud environments
by providing an abstraction layer across on-premises and public clouds. Container management
software can run on-premises, in public infrastructure as a service (IaaS) or simultaneously in both
for that purpose.
Most common use of container is focused specifically on Linux environments, and management
software follows accordingly. Native containers have been introduced to Microsoft Windows in
Windows Server 2016, but still significantly lag Linux containers in every respect.
Among the functionality that container management systems provide are orchestration and
scheduling; monitoring and logging; security and governance; registry management; and links to
CI/CD processes. Among the vendor offerings are hybrid container management software, public
cloud infrastructure as a service (IaaS) solutions specifically designed to run containers, and PaaS
frameworks that have incorporated integration with container management software.
There is a high degree of interest in, and awareness of, containers within early-adopter
organizations, particularly in North America, and significant grassroots adoption from individual
developers. Consequently, containers will be used with increasing frequency in development and
testing — particularly for Linux. Early adopter organizations are using container runtimes in
production environments, and many IT organizations have begun to explore how such use would
alter processes and tools in the future. Container management software is likely to remain an early-
adopter technology for the next year or two.
User Advice: Organizations should begin exploring container technology as a means for packaging
and deploying Linux applications and their runtime environments. Depending on the environment,
container management tools are often deployed complementarily with continuous configuration
management tools. As container integration is added to existing DevOps tools and to the service
offerings of cloud IaaS and PaaS providers, DevOps-oriented organizations should experiment with
altering their processes and workflows to incorporate containers. An organization may be a good
candidate for exploring a cloud-native container management tool in conjunction with OS
containers (as an alternative to hypervisor-based cloud management platforms), if it meets the
following criteria:
■ It's DevOps-oriented or aspires to become DevOps-oriented

■ It has high-volume, scale-out applications with a willingness to adopt microservices
architecture; or large-scale batch workloads
■ It's able to ensure security and isolation to enable trust between containers
■ It intends to use an API to automate deployment, rather than obtaining infrastructure through a
self-service portal
Business Impact: Container runtimes make it easier to take advantage of container functionality,
including providing integration with DevOps tooling and workflows. Containers provide productivity
and/or agility benefits, including the ability to accelerate and simplify the application life cycle,
enabling workload portability between different environments and improving resource utilization

efficiency and more. Container management software simplifies the art of achieving scalability,
production readiness and optimizing the environment to meet business SLAs.
Maturity: Emerging
Sample Vendors: Amazon Web Services; Docker; Google Cloud Platform; Mesosphere; Microsoft
Azure; Pivotal; Rancher Labs; Red Hat
Recommended Reading: "Answering the 10 Biggest Questions About Containers, Microservices

and Docker"
"Survey Analysis: Container Adoption and Deployment, 2018"
"Market Guide for Container Management Software"
"Market Guide for Public Cloud Container Services"
IoT Platform
Analysis By: Alfonso Velosa; Eric Goodness; Benoit J. Lheureux
Definition: An Internet of Things (IoT) platform is software that enables development, deployment
and management of solutions that connect to and capture data from IoT endpoints. It is a suite of
functional capabilities:
■ Device management
■ Integration
■ Data management
■ Analytics
■ Application enablement
■ Security
It may be delivered as a hybrid combination of edge software platform and/or cloud IoT platform as
a service.
Position and Adoption Speed Justification: Enterprises continue to add IoT capabilities to assets
and products, seeking benefits such as asset optimization, better interactions with customers, and
new business opportunities such as product as a service. The sophistication, scale and business
value of these interactions call for specialized technology resources, resulting in the IoT platform.
The IoT platform may be deployed in a hybrid cloud or edge fashion to meet technical or business
objectives. The edge software is further distributed between the endpoints and gateways.

Continued vendor hype, along with culture, schedule, security and technical challenges for IoT
projects, has pushed IoT platforms past the Peak of Inflated Expectations. 2018 sees many large
vendors reorganizing their IoT businesses and evolving their offerings and market strategy. A further
complication is the rise of embedded solutions by OEMs using them as part of existing business
operations. These issues also lead us to push out the time to plateau to five to 10 years.
User Advice: CIOs should factor in the following for their IoT platform strategy:
■ Project strategy: Identify the range of IoT projects for your enterprise, and segment them by
their complexity and business objectives. This will help you establish a flexible, multivendor
architecture. Start with smaller initiatives to build momentum, test business hypothesis and
acquire implementation lessons, while limiting enterprise and career risk.
■ Skills: IoT projects will require new capabilities for your organization. Build an IoT capabilities
gap analysis, a skills migration plan, and training program for your developers and business
analysts. In parallel, perform an assessment of IoT skill sets within your enterprise. Plan to
leverage a service partner to ramp up as you train internal resources.
■ Platform customization: Understand that an IoT platform is a starting point. No IoT platform will
work straight off the shelf. Customize the platform to build a solution for your unique
circumstances (for example, adding third-party security or device support or analytics to meet
special needs).
■ Vendor selection: Evaluate candidate IoT platforms in terms of their fit-to-your-business
objectives and technology, but expect roadmaps to evolve quickly in the fast-changing IoT
market. Key criteria will be vendor capabilities to scale from proofs of concept to operational-
scale deployments, vertical market expertise, their partner ecosystem and customer references.
Business Impact: There is a significant opportunity from IoT-enabled business moments to achieve
greater business value. This includes making better decisions from the insights, information and
data that are generated by instrumented assets, and providing better control of things distributed
across the enterprise and its external stakeholders. Unfortunately, this data has been largely locked
in the assets — mostly due to lack of connectivity, but also because of lack of systems and
governance processes to obtain and share this data systematically.
IoT platforms act as the intermediary between the "thing" and the IT and OT systems and the
business processes. Therefore, they facilitate the introduction of a new potentially transformative
wave of digital business innovation and digital transformation to enterprises. IoT platforms provide
the middleware foundation to implement asset-centered business solutions — and are part of a
broader technology solution to manage multiple IoT applications in an agile/flexible fashion.

Sample Vendors: ABB; Atos Origin; Bosch Software Innovations; GE Digital; LTI; OpenText; Prodea
Systems; relayr; Software AG; WSO2
Recommended Reading: "Magic Quadrant for Industrial IoT Platforms"
"Market Guide for IoT Platforms"
"Use the IoT Platform Reference Model to Plan Your IoT Business Solutions"
"Predicts 2018: Expanding Internet of Things Scale Will Drive Project Failures and ROI Focus"
"Implementing and Executing Your Internet of Things Strategy: A Gartner Trend Insight Report"
"Architect IoT Using the Gartner Reference Model"
Machine Learning
Analysis By: Shubhangi Vashisth; Alexander Linden; Carlie J. Idoine
Definition: Machine learning is a technical discipline that aims to solve business problems utilizing
mathematical models that can extract knowledge and pattern from data. There are three major
subdisciplines that relate to the types of observation provided: supervised learning, where
observations contain input/output pairs (also known as "labeled data"); unsupervised learning
(where labels are omitted); and reinforcement learning (where evaluations are given of how good or
bad a situation is).
Position and Adoption Speed Justification: Machine learning is still one of the hottest concepts in
technology, given its extensive range of effects on business. The drivers of its continued massive
growth and adoption are the growing volume of data and the complexities that conventional
engineering approaches are unable to handle. An increasing number of organizations are exploring
use cases for machine learning and many are already in the initial phases of pilot/POC. Tech
providers are adding embedded machine learning capabilities into their software. Despite the
heightened interest in the technology, most organizations are still dabbling in their approaches to
machine learning. Finding relevant roles and skills needed to implement machine learning projects is
a challenge for such organizations. As the volume and sources of data increase, the complexity of
systems will also grow and, in such scenarios, traditional software engineering approaches would
produce inferior results. In the future, advances in many industries will be impossible without
machine learning.
User Advice: For data and analytics leaders:
■ Start with simple business problems for which there is consensus about the expected
outcomes, and gradually move toward complex business scenarios.
■ Utilize packaged applications, if you find one that suits your use case requirements. These often
provide superb cost-time-risk trade-offs and significantly lower the skills barrier.
■ Nurture the required talent for machine learning, and partner with universities and thought
leaders to keep up to date with the rapid pace of advances in data science. Create an

environment conducive to continuous education, and set explicit expectations that this is a
learning process and mistakes will be made.
■ Track what initiatives you already have underway that have a strong machine learning
component — for example, customer scoring, database marketing, churn management, quality
control and predictive maintenance — to accelerate machine learning maturation through cross-
pollination of best practices. Monitor what other machine learning initiatives you could be a part
of and what your peers are doing. The choice of machine learning algorithms is also influenced
by the ability to explain how the algorithm arrived at a certain outcome.
■ Assemble a (virtual) team that prioritizes machine learning use cases, and establish a
governance process to progress the most valuable use cases through to production.
■ Focus on data as the fuel for machine learning by adjusting your data management and
information governance for machine learning. Data is your unique competitive differentiator and
high data quality is critical for success of machine learning initiatives. Although the choice of
fundamental machine learning algorithms is fairly limited, the number of algorithm variations and
available data sources are vast.
Business Impact: Machine learning drives improvements and new solutions to business problems
across a vast array of business, consumer and social scenarios:
■ Automation
■ Drug research
■ Customer engagement
■ Supply chain optimization
■ Predictive maintenance
■ Operational effectiveness
■ Workforce effectiveness
■ Fraud detection
■ Resource optimization
Machine learning impacts can be explicit or implicit. Explicit impacts result from machine learning
initiatives. Implicit impacts result from products and solutions that you use without realizing they
contain machine learning.

Sample Vendors: Alteryx; Amazon Web Services; Domino Data Lab; Google Cloud Platform;
H2O.ai; IBM (SPSS); KNIME; Microsoft (Azure Machine Learning); RapidMiner; SAS
Recommended Reading: "Magic Quadrant for Data Science and Machine Learning Platforms"
"Critical Capabilities for Data Science and Machine Learning Platforms"
"Machine Learning: FAQ From Clients"
"How to Start a Machine Learning Initiative With Less Anxiety"
"Five Ways Data Science and Machine Learning Deliver Business Impacts"
Sliding Into the Trough
API Economy
Analysis By: Paolo Malinverno
Definition: The API economy is a set of business models and channels. It is based on secure
access of functionality and exchange of data to an ecosystem of developers and the users of the
app constructs they build. It is offered through APIs, either within a company or using the internet,
with business partners and customers.
Position and Adoption Speed Justification: APIs have always been everywhere, but they were
rarely used by anyone other than the development group that designed them. The basic principle of
the API economy is that APIs can be new products that a company offers to open new business
channels, advance a digital transformation, entice an ecosystem of partners or to sell more of its
traditional products.
When we use a smartphone app, or book a ticket for our favorite concert, we use APIs — we live in
an API economy already. As companies execute digital strategies, and smart devices consume
APIs, this is only going to grow.
The API economy has established itself, as a precursor of digital strategies, and the primary way to
grow an ecosystem. It has now passed the Peak of Inflated Expectations, the hype is decreasing,
and it is sliding quickly into the Trough of Disillusionment. Even if fewer people talk about the API
economy today, everybody realizes the role of APIs in digital transformations, and the original
concept of the API economy lives on.
User Advice: Read "Top 10 Things CIOs Need to Know About APIs and the API Economy" and
understand the following:
1. To start an API program, you don't start from the APIs, you start from the needs of the
applications consuming them.
2. APIs are doors into your data and the functions of your IT systems: Secure them properly; once
an API is out there, people will use it for purposes you never thought about.

3. Just running hackathons for fun will not get you any place (or value).
4. You don't monetize most APIs directly, indirect is the most common model in the API economy
today.
5. Only build APIs that already have an identified consumer.
6. APIs are at the center of modern application architectures, and API mediation enables the
outside-in model for applications that the API economy is based on.
7. Bimodal for applications needs APIs, and vice versa.
8. Don't build it, they won't come: Enticing developers is becoming a full science, and is the basis
of the value system of the API economy; create the role of API product manager to govern APIs
through a life cycle.
9. Tailor your API experiences for the consumers, but keep versions under tight control: An API
management platform will allow the API to behave differently depending on the consumer.
10. Consuming APIs will be more common than providing APIs.
Business Impact: A platform offering APIs is the basis of a digital strategy, and companies will
either use somebody else's platform (thus being part of one of more ecosystems) or build one,
creating a fresh ecosystem using it. APIs provide the technical foundation to a platform business.
Several business models are associated with publishing APIs (see "Choosing the Right API Pricing
(and Funding) Model"). Companies gain different types of value from publishing APIs or running
hackathons to build innovation and get new ideas on a platform — value that goes beyond
enhancing your company image by appearing innovative. In some cases, especially when the
product can be delivered electronically (for example, TV access to yesterday's final of a sporting
event), companies can directly charge for API volume usage. However, the most common model in
the API economy today is indirect, where a company provides free access to the APIs they publish
in return for a leaner/quicker/more efficient execution of a business process (like ordering goods in a
supply chain), or for increased sales of a traditional product (for instance, travel companies get more
bookings if they publish APIs into their reservation systems).
Maturity: Early mainstream
Recommended Reading: "The API Economy: Turning Your Business Into a Platform (or Your
Platform Into a Business)"
"Choosing the Right API Pricing (and Funding) Model"
"Create the Role of API Product Manager as Part of Treating APIs as Products"
"Top 10 Things CIOs Need to Know About APIs and the API Economy"

"A Strategic Marketing Mindset Is Essential to Externally Facing API Initiatives"
Cloud-Native Application Architecture

Analysis By: Anne Thomas
Definition: Cloud-native application architecture is a set of application architecture principles and

design patterns that enables applications to fully utilize the agility, scalability, resiliency, elasticity,
on-demand and economies of scale benefits provided by cloud computing. Cloud-native
applications are latency-aware, instrumented, failure-aware, event-driven, secure, parallelizable,
automated and resource-consumption-aware (LIFESPAR).
Position and Adoption Speed Justification: Many organizations are adopting cloud platforms to
gain agility, scalability and resiliency benefits to support their digital business initiatives. Market data
clearly indicates the shift to cloud platforms: Currently, the application platform as a service (aPaaS)
market is about 82% of the size of the application platform software market (where revenue
predominantly comes from sales of traditional application servers). But the application platform
software market is shrinking slightly, while the application platform as a service (aPaaS) market is
growing rapidly (12% annually). Meanwhile, sales of cloud-enabled application platform (CEAP)
software (which can be deployed on-premises on IaaS) are also starting to supplant traditional
application server sales. In 2017, aPaaS and CEAP sales together exceeded traditional application
server software sales.
Out of necessity, organizations are starting to adopt cloud-native architecture to make the most of
cloud benefits and to ensure their applications are scalable and resilient. Organizations that simply
lift-and-shift traditional three-tier applications to aPaaS or CEAPs often find that they perform
poorly. Most traditional applications include cloud anti-patterns, consume excessive resources, and
aren't able to fail and recover gracefully. Developers must presume that cloud-based resources are
not resilient, and cloud-native patterns build resiliency into the application. Developers also must
adapt their application architecture to support DevOps practices that go along with cloud platforms,
including self-service and automated provisioning, blue/green deployments, and canary testing. A
basic set of rules known as the "twelve-factor app" ensures that applications can support these
practices.
User Advice: Application architecture leaders should:
■ Develop a strategy to deal with the obsolescence of three-tier client/server architecture. Retain
traditional application servers for existing legacy applications, but use lightweight infrastructure
and cloud-native frameworks for digital business application development projects.
■ Adopt aPaaS or CEAP to help increase agility and to obtain the capabilities required for digital
business. Consider serverless options, such as function PaaS, for applications with highly
variable loads.
■ Design all new applications to be cloud-native, or at least cloud-ready, irrespective of whether
you currently plan to deploy them in the cloud. At some point, you will want to deploy them to a
cloud platform. A cloud-ready application is one that can safely run on a cloud platform,
although doesn't fully utilize cloud characteristics.

■ If business drivers warrant the investment, rearchitect or rebuild existing applications to be

cloud-native and move them to aPaaS. Rehosting legacy applications on IaaS without
rearchitecture can offload your data center and may save you some money, but it probably
won't deliver the agility, scalability and resiliency benefits you need. Be sure legacy applications
are at least cloud-tolerant before rehosting them — meaning that they are tolerant of ephemeral
or unreliable infrastructure. Otherwise, they are likely to experience stability and reliability
issues.
■ Use the twelve-factor app rules and the LIFESPAR architecture principles to guide application
architecture when designing a cloud-native application or when transforming an existing
application for migration to a cloud.
■ Use opinionated cloud-native frameworks or high-productivity aPaaS tooling to accelerate
cloud-native development.
Business Impact: Organizations want to make the most of cloud computing to support their digital
business initiatives. But they can't fully exploit cloud platform benefits without cloud-native
application architecture. Cloud-native architecture increases business agility by enabling DevOps
teams to more effectively use cloud self-service capabilities, and to support continuous delivery of
new features and capabilities. Cloud-native architecture also ensures that applications can leverage
cloud autoscaling and autorecovery features to improve system performance and business
continuity. Cloud-native architecture also ensures that applications are optimized for a shared
infrastructure environment, thereby reducing costs through pay-for-use pricing models and denser
resource utilization.
Sample Vendors: Amazon Web Services (AWS); Cloud Native Computing Foundation; Docker;
Google; Mendix; Microsoft; OutSystems; Pivotal; Red Hat; Salesforce
Recommended Reading: "Why You Must Begin Delivering Cloud-Native Offerings Today, Not
Tomorrow"
"How to Assess Your Application to Adopt Cloud-Native Architecture"
"A Guidance Framework for Architecting Highly Available Cloud-Native Applications"
Hybrid IT
Analysis By: Thomas J. Bittman
Definition: Hybrid IT is the operational model for IT organizations that are trusted brokers for a
broad range of services from external cloud providers and from their own enterprises, using cloud
computing styles (private, public and hybrid), as well as traditional computing and cloud-inspired

styles. Hybrid IT is an organizing principle for how IT departments provide IT services and add value
to IT services provided by others. A hybrid IT organization manages multiple sourcing models that
can change dynamically.
Position and Adoption Speed Justification: As interest in and usage of cloud computing services
have grown, enterprises are looking for ways to support that usage, but with appropriate
governance. Inquiries from Gartner clients on the effective governance of cloud services have
increased significantly during the past few years. Technologies to enable the brokering of cloud and
noncloud services are evolving, and several of them have been acquired by major vendors.
The cloud providers themselves have little interest in making cross-service migrations or integration
easy, which will increase the demand for an intermediary role. As cloud computing services mature,
there will be a growing need for cross-service management, integration, and aggregated hybrid
cloud and IT services. Appropriate compliance and security measures will need to be put in place,
and the fundamental role of the IT organization and its associated skills will need to change, i.e.,
there will need to be a shift from "just" a provider role to the role of provider and broker of IT
services.
User Advice: Hybrid IT is different from hybrid cloud. Hybrid cloud is the composition of multiple
services from different providers into a single service. Hybrid IT adds value across multiple services
from different providers, as well as internal technology solutions. Hybrid cloud will be useful, but
relatively uncommon. Hybrid IT will be very common, because most enterprises will leverage
different services from multiple providers.
A successful hybrid IT effort requires the IT organization to focus on three approaches to being a
broker for services:
■ Accelerating time to value — getting to the right solution quickly.

■ Adding value — customizing as needed; reducing overhead costs and effort; and managing
service levels, financials, problem management, etc.
■ Protecting the enterprise — in terms of security, compliance and providers that fail.
■ Actions that help create a hybrid IT organization include:
■ Creating a core competency center on provider capabilities, best practices and internal user
feedback.
■ Offering services through a central portal that provides a fast path to services and necessary
service information, including single sign-on (SSO) and consolidated billing and chargeback.
■ Removing and reducing overhead efforts, such as managing financials, dealing with problem
management and managing the overall provider relationship.
■ Integrating applications and data across cloud and noncloud environments.
These actions will require that new skills and organizational structures be developed in IT, focused
on service orchestration, provider capabilities and best practices.

Business Impact: Hybrid IT can help the enterprise leverage cloud computing services faster,
appropriately, more efficiently, and with managed and acceptable risk. As cloud computing use
expands and matures, the requirements for security management, cross-service coordination, data
sharing, service-level management and migration paths will grow to the point at which enterprises
without hybrid IT will have serious competitive issues — delays in leveraging cloud providers quickly
and effectively, redundant overhead costs placed on end users, inefficient use of cloud services,
and cloud provider failures that directly affect the business. Some enterprises — especially smaller
ones — will fill this intermediary role by outsourcing to external providers, boutique cloud integration
firms and cloud system integrators (i.e., cloud service brokerages). Larger enterprises should
consider this broker role as a critical core competency that enables the efficient use of IT services
(internally and externally) and drives significant top-line growth through the more-competitive use of
cloud services.
Sample Vendors: DXC Technology; Hewlett Packard Enterprise; IBM; VMware
Recommended Reading: "How to Grow the Enterprise-Defined Data Center"
"Hybrid IT: Delivering IT as a Provider and a Trusted Broker"
Cloud Marketplaces
Analysis By: Ed Anderson
Definition: Cloud marketplaces are online storefronts through which customers can find and
subscribe to cloud service offerings, including IaaS, PaaS and SaaS. Cloud-related IT services
offerings, such as consulting or migration services, are now appearing in some marketplaces. Cloud
marketplaces are a type of cloud service brokerage, where the marketplace provider aggregates
disparate cloud service offerings (often curated) and presents them as a collection of service
offerings, usually through a portal, and sometimes referred to as "cloud app stores."
Position and Adoption Speed Justification: Cloud marketplaces are growing in influence as a
destination to find and procure cloud services, applications and service components. Cloud service
providers, technology distributors, resellers, cloud service brokerage (CSB) providers and even
internal IT organizations are building and delivering cloud marketplaces to their constituents. Cloud
app stores, cloud service catalogs and portals are also types of cloud marketplaces, but they are
typically built for consumption by a closed community of users.
Providers use cloud marketplaces to highlight their own cloud service offerings and their partners'
offerings, and to assert their role in the delivery of cloud services. Cloud marketplaces also reinforce
the importance of the supporting cloud platform, and successful cloud marketplaces can help

strengthen the competitive position of the underlying cloud platform. Cloud offerings are often built
by third-party independent software vendors (ISVs).
Cloud service subscribers use cloud marketplaces as a means to simplify the process of finding,
purchasing and using cloud services, in addition to value-added services and applications from
other complementary third-party offerings. Marketplaces can also be used to highlight preapproved
or sanctioned services, which can complement cloud governance policies for approved cloud
service usage. Cloud service aggregation features, such as unified billing, are often included.
Cloud marketplaces are often, but not always, a type of CSB built on cloud brokerage enablement
tools. CSB providers use cloud marketplaces as a form of intermediation, where additional services
can be added, including integration, customization, aggregated billing and governance. Innovations
in CSB will improve the capabilities of cloud marketplaces and increase the proliferation of
marketplaces. As marketplaces address a broader and more specific set of end-user requirements,
including simplified billing, ease of procurement of services and software, and implementation and
prebuilt integration, the use of cloud marketplaces will increase.
User Advice: The cloud marketplaces currently in market and in use by organizations have very
different capabilities and serve different purposes. Most, including those offered by cloud service
providers, are basic in their capabilities, although more sophisticated offerings have emerged in the
market. The most fundamental type of marketplace is nothing more than a directory of cloud service
offerings, with no value-added capabilities beyond the catalog. More sophisticated cloud
marketplaces include additional services, such as authentication and authorization, metering,
aggregated billing and reporting, provisioning, data management and integration, compliance, and
security.
Organizations should look for cloud marketplace offerings with the software and services that meet
their cloud service platform requirements and value-added service needs:
■ Marketplaces of cloud services built to enhance or extend a specific cloud service offering
(example: Salesforce AppExchange).
■ General-purpose marketplaces, with cloud services from different providers (example:
RightScale).
■ Vertical industry marketplaces, with cloud services designed for specific vertical industry needs
or use cases (example: government cloud marketplaces).
■ Marketplaces of complementary software images built for a specific cloud platform. These
marketplaces are effectively software catalogs, with purchasing and delivery capabilities
(example: Amazon AWS Marketplace).
Organizations should assess the benefits of value-added services offered through cloud
marketplaces. Value-added services may be available as business services (such as billing,
compliance, vertical industry specialization and managed services) or technology services (such as
integration, monitoring, service delivering, security and customization). Working with providers in a
cloud brokerage model, often through a cloud marketplace, may provide benefits that map well to
the organization's cloud sourcing strategy. Internal cloud marketplaces, delivered by an internal

CSB, can deliver similar benefits. Conversely, cloud marketplaces may provide a level of
intermediation that may make it more difficult for the organization to interact with the cloud service
or the cloud service provider.
Business Impact: Third-party cloud marketplaces will be most popular with smaller organizations
that benefit from the value-added capabilities of cloud marketplaces, or business units within large
organizations. Larger organizations will also make use of cloud marketplaces associated with their
chosen cloud platform. Organizations with sophisticated IT capabilities may establish a cloud
marketplace as part of an internal CSB, designed to facilitate usage of internal and external cloud
services, and to provide management and control over the organization's collection of cloud
services.
Sample Vendors: Amazon Web Services; Google; IBM; Ingram Micro; Microsoft; RightScale;
Salesforce
Recommended Reading: "Competitive Landscape: Public Cloud Business Application

Marketplaces, 2015"
"Market Insight: Cloud Marketplaces Will Disrupt Communications Service Providers' Sales Models"
"Market Insight: Finding Growth Opportunities in Cloud"
"Digital Disruption Profile: Cloud Computing Disrupts and Enables"
"Tech Go-to-Market: Consider Cloud Platform Marketplaces as a Disruptive Alternative to

Traditional Sales Models — Part 1"
Cloud Networking
Analysis By: Sid Nag
Definition: Cloud networking is a service offered by service providers to connect disaggregated

hybrid IT and hybrid cloud environments. Cloud networking services provide robust
interconnectivity between external cloud data centers and a customer's on-premises data centers.
Cloud networking services typically include capabilities that address quality of service and latency,
and network availability for applications that require reliable connectivity between the customer's
premises and an external cloud service.
Position and Adoption Speed Justification: In the next two to five years, cloud networking will be
a major criteria for selection of cloud providers by 50% of enterprises. Organizations should select
providers that must include cloud networking as a cornerstone of their cloud-managed services
offerings as issues with network connectivity across the hybrid IT environment and multiple cloud

providers data centers increase in complexity. Cloud networking also has a part in building and
managing secure private networks over the public internet by utilizing global cloud computing
infrastructure. In cloud networking, the traditional network functions and services, including
connectivity, security, management and control, are delivered as a service in the cloud.
User Advice: Users should look for cloud networking offerings that include capabilities to select the
right connectivity provider whether it is a cloud provider, an exchange provider or a traditional ISP.
User must also make sure that the adequate quality of service and latency and availability issues are
addressed, especially for mission-critical applications that are running in the cloud. This offering
should also get into issues related to dual homing, peering point selection, route advertising and
other networking issues. Other capabilities to look for include rapid provisioning of MPLS, VPN and
SD-WAN support for complex overlays for connecting an organization's on-premises locations into
the cloud provider's data center. Furthermore, it should provide cost comparisons of selecting one
connectivity provider over the other.
As users move applications into the cloud, cloud networking requirements may emerge:
■ There will often be a requirement for the application running in a cloud provider's data center to
interact and interoperate with other applications that still reside in the customer's data centers.
■ Cloud applications may need to interact with other applications running in a different cloud
provider's cloud data center.
■ Due to governance and compliance reasons, the data associated with an application running in
the cloud may still have to reside in the customer's data centers.
All of these scenarios create a need for a robust connectivity model in order to achieve optimal
application performance.
Business Impact: Cloud networking challenges rank among the top inhibitors to the use of public
cloud services. Cloud networking challenges, which ranked among the top four challenges to the
adoption of cloud, have received less attention in the industry despite being a critical element that
many organizations are concerned about. It is clear that cloud interconnect architectures are
important for all applications across the disaggregated hybrid cloud and hybrid IT environments.
Moving forward, however, as organizations move vertical-specific mission-critical applications to the
cloud, cloud interconnect architectures will become even more critical.
Sample Vendors: Amazon Web Services (AWS); AT&T; CenturyLink; Digital Realty; Equinix; Google
Cloud Platform; Microsoft Azure; QTS Realty Trust; Verizon; VMware
Recommended Reading: "Market Insight: How to Seize the Cloud Networking Service
Opportunity"

"A Tour of Gartner's Cloud Networking Research"
"Utilizing Network Service Provider Direct WAN Connectivity for the Cloud"
Software-Defined Infrastructure
Analysis By: Philip Dawson
Definition: In 2018, software-defined infrastructure (SDI) is absorbing the broad set of software-
defined anything (SDx) infrastructure components. SDI combines the software-defined data center
(SDDC) IP. SDI also captures not only non-data-center infrastructure deployed in Mode 2 Internet of
Things (IoT) applications, but also an SD Edge of edge-based adapters, monitors, gateways,
appliances and machines.
Position and Adoption Speed Justification: Data center infrastructure is well-covered with
compute (SDC), network (SDN) and storage (SDS), but SDI also extends to non-data-center
infrastructure with the use of monitors or machines that are increasingly software-defined. This is
through the use of sensors and adapters that are not only hardware-focused, but also abstracted
through software, becoming SDI in Mode 2 IoT and operational technology, rather than traditional,
IT-driven SDI through a Mode 1 data center.
User Advice: As SDI initiatives roll out, consider the integration and measurement of non-data-
center edge infrastructure. Start with and focus on core Mode 1 SDI for compute, network, storage
and facilities, but consider the impact of Mode 2 SDI around the IoT, edge computing, remote
office/branch office and other operational technology. Key IoT distributed verticals (such as retail,
manufacturing, retail banking, distribution and utilities) are encapsulating non-data-center SDI
initiatives for Mode 2 operations and functions.
Business Impact: With the increase of the IoT touching edge-based operational technology, SDI
will reach beyond and between SDDCs, and leverage SDx benefits and features for new multimode
applications and edge endpoints.
Sample Vendors: IBM; Intel; Microsoft; Red Hat; VMware; Wipro
Recommended Reading: "IT Market Clock for Bimodal Compute Infrastructure, 2017"
"Should Your Enterprise Deploy a Software-Defined Data Center?"
Hybrid Cloud Computing

Analysis By: Milind Govekar; Dennis Smith; David W. Cearley

Definition: Hybrid cloud computing is the coordination of cloud services across public, private and
community cloud service providers to create another cloud service, which is how it differs from
multicloud computing. A hybrid cloud computing service is automated, scalable, elastic, has self-
service interfaces and is delivered as a shared service using internet technologies. Hybrid cloud
computing needs integration between the internal and two or more external environments at the
data, process, management or security layers.
Position and Adoption Speed Justification: Hybrid cloud offers enterprises the best of both
worlds — the cost optimization, agility, flexibility, scalability and elasticity benefits of public cloud, in
conjunction with the control, compliance, security and reliability of private cloud. As a result,
virtually all enterprises have a desire to augment internal IT systems with external cloud services.
The solutions that hybrid cloud provides include service integration, availability/disaster recovery,
cross-service security, policy-based workload placement and runtime optimization, and cloud
service composition and dynamic execution (for example, cloudbursting).
A hybrid cloud computing architecture enables multicloud implementations. While most

organizations are integrating applications and services across service boundaries, we estimate
approximately 10% to 15% of large enterprises have implemented hybrid cloud computing beyond
this basic approach — and for relatively few services. This decreases to less than 10% for midsize
enterprises, which mostly are implementing the availability/disaster recovery use case. While most
companies will use some form of hybrid cloud computing during the next two years, more advanced
approaches lack maturity and suffer from significant setup and operational complexity. Positioning
on the Hype Cycle advances toward the Trough of Disillusionment as organizations continue to gain
experience in designing cloud-native and optimized services, and seek to optimize their spending
across on-premises and off-premises cloud services. However, this is different from hybrid IT, which
is where IT organizations act as service brokers as part of a broader IT strategy and may use hybrid
cloud computing. Hybrid IT services are professional services that provide cloud service brokerage
(CSB), multisourcing, service integration and management capabilities to customers building and
managing an integrated hybrid IT operating model. These services are provided by vendors (such as
Accenture, Wipro, Tata Consultancy Services [TCS]) and other service providers and system
integrators.
Microsoft has launched Azure Stack and VMware has launched Hybrid Cloud Extension to support
hybrid cloud implementations — mainly hybrid cloud orchestration (see "Utilizing Hybrid
Architectures for Cloud Computing").
User Advice: When using hybrid cloud computing services, establish security, management, and
governance guidelines and standards to coordinate the use of these services with internal (or
external) applications and services to form a hybrid environment. Approach sophisticated
cloudbursting and dynamic execution cautiously because these are the least mature and most
problematic hybrid approaches. To encourage experimentation and cost savings, and to prevent
inappropriately risky implementations, create guidelines/policies on the appropriate use of the
different hybrid cloud models. Coordinate hybrid cloud services with noncloud applications and
infrastructure to support a hybrid IT model. Consider cloud management platforms, which
implement and enforce policies related to cloud services. If your organization is implementing hybrid
IT, consider using hybrid cloud computing as the foundation for implementing a multicloud broker
role and leveraging hybrid IT services and service providers to complement your own capabilities.

Business Impact: Hybrid cloud computing enables an enterprise to scale beyond its data centers
to take advantage of the elasticity of the public cloud. Therefore, it is transformational when
implemented because changing business requirements drive the optimum use of private and/or
public cloud resources. This ideal approach offers the best possible economic model and maximum
agility. It also sets the stage for new ways for enterprises to work with suppliers and partners (B2B),
and customers (B2C), as these constituencies also move toward a hybrid cloud computing model.
Sample Vendors: Hewlett Packard Enterprise (HPE); IBM; Microsoft; OpenStack; Rackspace;
RightScale; VMware
Recommended Reading: "Comparing the Approaches of Microsoft Azure Stack and 'VMware
Cloud on AWS'"
"Market Guide for Managed Hybrid Cloud Hosting, North America"
"Utilizing Hybrid Architectures for Cloud Computing"
"Solution Path for Developing Enterprise Hybrid Cloud Strategies"
"I&O Leaders Must Plan for Hybrid Cloud Orchestration"
"Cloud Adoption Is Driving Hybrid WAN Architectures"
Cloud Service Brokerage

Analysis By: Gregor Petri; Sid Nag
Definition: Cloud service brokers combine technology, people and methodologies to help (internal
or external) organizations consume cloud services. Cloud service brokerage (CSB) is defined as an
IT role and business model in which a company or internal entity adds value to one or more (public
or private) cloud services. This is done on behalf of one or more consumers of that service by
providing an aggregation, integration, customization and/or governance role. CSB enablers provide
technology to support cloud service brokering activities.
Position and Adoption Speed Justification: As cloud computing continues to become more
mainstream while skills and knowledge remain scarce, the awareness of cloud brokering (either
taken on internally or outsourced to a service provider) continues to increase. This has cloud
services brokering moving steadily toward the Plateau of Productivity, although maybe more slowly
than initially expected by some. As companies continue to formulate their cloud strategies, the role
of internal IT as a cloud service broker has become a role model for many IT organizations.

The area related to cloud services brokering that has, however, grown the fastest over the last few
years is the segment of third-party managed service providers (MSPs). These MSPs offer added-
value services for cloud migration and managed services on top of cloud infrastructure. (For details,
see "Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide.")
Providers come from a wide variety of backgrounds, including system integration, managed hosting
and full-service outsourcing, which compete with pure-play startups.
Providers of CSB-enabling technologies include dedicated cloud brokerage platforms, cloud

management platforms with embedded brokering capabilities, and a wide variety of cloud
management point solutions. We have seen a significant wave of acquisitions of these enablement
companies by a variety of (managed) service providers.
User Advice: In the area of SaaS, providers of cloud services tend to focus on a narrow set of
functionality (for example, expense management, HR support, CRM, big data analysis, office
productivity, or file storing and sharing) at an enormous scale. The result is that enterprises will use
multiple cloud services from numerous SaaS providers. Meanwhile, we see in the infrastructure area
that the preference for multicloud cloud strategies continues to increase.
In this multivendor environment, your organization needs to find the right balance. In some cases,
your organization can take on the role of an internal service broker to provide multiple cloud
services to both internal and external customers via a brokerage enablement platform/app store.
And for some other cases, your organization can turn to the app store or marketplace of an external
cloud services broker.
Consider outsourcing the CSB role to an external service provider if you lack the requisite CSB skills
and capabilities, or when an external provider can best meet your time-to-deployment or risk
management requirements. Make sure to assess potential CSB provider maturity at the commercial
and technical level (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB
Role").
Consider an internal CSB role when brokering is perceived as a required internal core competency.
Examples are when you want full unilateral control over cloud consumption, or you are responsible
for delivering IT services across a hybrid combination of public and private clouds (see "Internal
CSB Role Is Emerging Within IT Organizations").
Give preference to CSB providers or CSB technology enablers that have a roadmap indicating the
broad understanding of the emerging role of the CSB as the enterprise strategic intermediary for
cloud consumption.
Business Impact: Although internal IT has embraced the cloud services broker term, external
providers by and large still shy away from using the "broker" label. Instead, they prefer terms such
as "cloud integrator" or "cloud managed service provider." They continue to struggle to find the
right business model for monetizing their value-added brokering activities, and the impact of cloud
service brokering on the industry will be significant.
New pure-play brokering service providers are emerging, while large traditional system integrators
and hosting providers are repositioning themselves as brokers instead of trying to compete against

rapidly growing hyperscale cloud providers. Distributors, value-added resellers, independent service
providers and OEMs are redefining their business models in context of the new cloud service reality.
Communications service providers and emerging new players (such as banks and financial
institutions) are entering the cloud service brokering market with small- or midsize-business-
focused offerings.
Sample Vendors: Accenture; AppDirect; Cloudnexa; Cognizant; ComputeNext; DXC Technology;

Hewlett Packard Enterprise (HPE); Ingram Micro; Rackspace; RightScale
Recommended Reading: "Adapting IT to Become the Broker of Cloud Services"
"Market Guide for Cloud Service Brokerage"
"Competitive Landscape: Cloud Service Brokerage"
"Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide"
"Critical Capabilities for Public Cloud Infrastructure Managed Service Providers, Worldwide"
"Forecast: Cloud Consulting and Implementation Services, Worldwide, 2017-2022"
"Market Insight: Top 10 Things 'To Do' to Seize the Cloud Service Brokerage Opportunity"
"How to Select a Cloud Management Platform for Brokering Hyperscale Cloud Providers"
"A CIO Primer on Cloud Services Brokerage"
"Exploiting MSI and CSB Roles to Effectively Manage Complex Hybrid IT Services Environments"
Cloudbursting
Analysis By: Ed Anderson
Definition: Cloudbursting is the use of an alternative set of public or private cloud services as a way
to augment and handle peaks in IT system requirements at startup or during runtime. Cloudbursting
can span on-premises private cloud with public cloud, and may cross cloud providers or resource
pools within a single provider. Typical use cases for cloudbursting include the expansion of IT
resources across internal data centers, external data centers, or between internal and external data
centers.
Position and Adoption Speed Justification: The notion of cloudbursting is based on the idea of
"bursting" out of an internal data center to an external cloud service (usually infrastructure as a

service (IaaS) or platform as a service (PaaS)) when additional computing capacity is needed.
Cloudbursting can be implemented as a type of autoscaling, implemented across service
environments. Although cloudbursting includes any scenario where cloud services are utilized in an
on-demand fashion when additional capacity is required, cloudbursting could also include scenarios
where less critical resources are moved to a cloud service in order to free up internal capacity for
critical on-premises workloads.
Today, cloudbursting is often a manually initiated process, but over the next two to three years,
cloudbursting may become automated through the use of triggers and service governor technology
for the following roles:
■ A provisioning time placement role

■ A runtime movement role
■ A runtime expansion role
The provisioning time placement role is the easiest to implement and requires the least governance
insight because services are placed based on available capacity and policy. The runtime movement
role is harder, may require some downtime and will be less common because moving services
between cloud environments and across different providers is often quite complex. The runtime
expansion role requires applications to be specifically written or adapted to cloudbursting, such as
scale-out web architectures or batch-computing jobs that can disperse the work in parallel across
distributed data centers. Most applications have storage and database architectures that cannot be
easily adapted to geographically dispersed data centers. Likewise, networking challenges, including
latency, can make cloudbursting unfeasible.
Barriers to cloudbursting usage include the lack of cross-cloud provider API standards, inadequacy
of application instrumentation, root cause analysis and management tools, latency between data
centers, security and networking configuration and automation, and incompatible application
architectures. While penetration in large organizations is 5% to 20%, the number of services that
make use of actual cloudbursting is small and is focused on the more stateless web or application
tiers, and less so on the more complex and often stateful data tier.
The rising interest in multicloud architectures has elevated interest in cloudbursting as a means to
leverage cloud capacity and capabilities across cloud environments. Although interest in multicloud
environments is growing, the challenges of implementing cloudbursting remain difficult for most
types of applications, particularly complex applications.
User Advice: Cloudbursting is often cited as one of the primary use cases for hybrid cloud or
multicloud environments. In practice, cloudbursting remains an aspirational notion for most
organizations because of the practical difficulties in implementing cloudbursting. When considering
the use of cloudbursting, it is prudent to take a pragmatic approach, recognizing the challenges
associated with an operating environment that assumes cloudbursting capabilities. Select
workloads and applications that are conducive to scale-out execution using parallel and distributed
processing models.

■ Do not assume that cloudbursting will become a broadly viable approach for workload
portability and expansion across cloud services, even when hyped technologies such as
"containers" are used.
■ Assess which applications will get value from cloudbursting and whether they meet the
technical criteria and constraints for implementation such as whether they are designed to be
distributed, will not be impacted by network latency, and have appropriate application
instrumentation.
■ Account for cloudbursting in the IT service architecture of workloads with highly variable
demand to take advantage of extending cloud services across cloud environments to meet
fluctuating resource demands. Recognize that implementation will require development and
integration skills to enable bursting (for example, security, Internet Protocol addressing and
provisioning) as well as to trigger the increase or decrease in capacity, and to write the
automation to perform the implementation.
■ Implement robust network connectivity and reliable transport between cloud service
environments where cloudbursting will occur.
■ Carefully evaluate the financial implications of the dynamic movement of workloads; there may
be significant costs associated with storage and networking.
Business Impact: Cloudbursting has the potential to reduce the overall cost of running cloud
services by dynamically provisioning additional capacity on-demand, and potentially from different
providers to meet the needs of workloads with variable resource demands. It enables the use of
cloud services to address capacity overflow for on-premises or cloud-based systems.
Sample Vendors: Amazon Web Services; Dell; Google Cloud Platform; Hewlett Packard Enterprise;
Joyent; Microsoft; OpenStack; RightScale; Scalr; VMware
Recommended Reading: "Cloud Computing Primer for 2018"
"I&O Leaders Must Plan for Hybrid Cloud Orchestration"
"2018 Planning Guide for Cloud Computing"
"Market Guide for Public Cloud Container Services"
Private Cloud Computing

Analysis By: Thomas J. Bittman

Definition: Private cloud computing is a form of cloud computing used by only one organization, or
one that ensures an organization is completely isolated from others. As a form of cloud computing,
it has full self-service, full automation behind self-service and usage metering. It does not have to
be on-premises, or owned or managed by the enterprise.
Position and Adoption Speed Justification: Private and public cloud computing are at opposite
ends of the "isolation" spectrum. As public cloud providers have offered virtual private cloud,
dedicated instances, and dedicated hosts, the gap between private and public has become a
spectrum of isolation choices.
Organizations that build a private cloud service are emulating public cloud computing providers to
acquire similar benefits — mainly agility, mainly for new cloud-native applications, mainly for
business value and growth. This can be for infrastructure as a service (virtual machines or
containers), platform as a service, or in some situations, software as a service.
The use of third parties for cloud computing (private and public) has been growing rapidly. The
ongoing cost and complexity of building a true private cloud can be extreme, and the rationale for
building your own has been declining.
This term is also used to describe a very different trend, where traditional infrastructures that are
being modernized with virtualization, some automation, and some self-service — leveraging only
some valuable attributes of cloud computing, but applying them to existing applications with
traditional infrastructure requirements. However, because these are different trends, Gartner does
not include this form of modernization in our definition of private cloud. But when the goal is IT
efficiency or modernization for existing applications, these "just enough cloud" architectures can be
beneficial (but that's not covered in this profile).
User Advice:
■ Evaluate third-party options first. These include hosted private cloud, managed services, virtual
private cloud alternatives, or public cloud.
■ Choose your private cloud strategy based on the necessary return on investment or business
goals: If business growth or business value for new applications, consider a true cloud
architecture; if IT efficiency or IT modernization for existing applications, choose cloud-inspired
technologies and methods to implement surgically. Just-enough cloud is often enough.
■ Focus on business and application needs first, don't start with the technology. One technology
architecture and operational model cannot support all of the application needs of a typical
enterprise. Either build multiple architectures and operational models, or leverage third-parties.
■ Focus on services that fit the cloud model — standard, high-volume and self-service; those that
require agility, horizontal scalability; and usages that might be short-lived.
■ Consider the long-term roadmap for your private cloud services. Build with the potential to
integrate, interoperate or migrate to public cloud alternatives at the appropriate time.
■ Manage the scope of work — start small, and broaden based on the business case.

■ Build expertise in managing multiple architectural and operational models, and multicloud —
this is more valuable to an enterprise than expertise in building a single cloud architecture.
Business Impact: Cloud computing enables agility that an enterprise can use to react quickly to
business requirements in functionality or scale. Due to economies of scale, cloud computing can
also improve efficiency and lower costs. However, because leveraging a true cloud computing
architecture requires applications and operational models designed for cloud computing, the cost of
transformation for existing applications does not always justify the investment.
True private cloud computing is used when enterprises aren't able to find cloud services that meet
their needs in terms of regulatory requirements, functionality or intellectual property protection. True
private cloud computing is almost always purpose-built for a specific set of new applications, and
their success can be measured in revenue or market share.
When the primary goal of a private cloud is IT efficiency, businesses can reduce costs and improve
overall operational efficiency for their existing application portfolios by leveraging cloud
technologies where appropriate, and adding manual or custom intervention, or customized changes
as needed to support those applications.
However, enterprises need to recognize that these are two different goals, with different
architectures, and trying to do them in a single architecture usually achieves none of the goals well.
Being bimodal, based on business and application needs makes the most business sense.
Market Penetration: More than 50% of target audience
Maturity: Mature mainstream
Sample Vendors: Apprenda; BMC; Hewlett Packard Enterprise; IBM; Microsoft; Pivotal; Red Hat;
VMware
Recommended Reading: "When Private Cloud Infrastructure Isn't Cloud, and Why That's Okay"
Cloud Management Platforms

Analysis By: Dennis Smith; Padraig Byrne; Colin Fletcher
Definition: Cloud management platforms (CMPs) enable organizations to manage private, public
and multicloud services and resources. Their specific functionality is a combination of provisioning
and orchestration; service request management; inventory and classification; monitoring and
analytics; cost management and resource optimization; cloud migration, backup and disaster
recover; identity, security and compliance. This functionality can be provided by a single product or
a set of vendor offerings with some degree of integration.
Position and Adoption Speed Justification: While the CMP market is continually changing,
vendors and enterprise customers are getting a better feel for where such tooling can and cannot
be used. Vendors are still being challenged with evolving customer requirements (for example,

interfacing with multiple public clouds and cost transparency with workload optimization to
remediate cost overruns). At the same time, major market consolidation will continue during the
next few years. For example, many vendors that initially targeted cost management have been
acquired as this functionality is becoming a part of basic CMP functionality. The same is occurring
with cloud migration vendors. Additionally many long-standing vendors are introducing next-
generation products, often targeting holes that their previous products had. Some of the core CMP
functionality is also being combined (for example, monitoring and analytics with cost management
and resource optimization). The ability to serve both application developer and I&O personas is key.
This requires that CMPs be linked into the application development process without imposing
workflow that inhibits agility while also allowing infrastructure and operations (I&O) teams to enforce
provisioning standards.
Organizations have an increasing need to address multicloud requirements, and, in some cases,
they want to become internal cloud service brokers (CSBs) and manage public services that were
previously acquired — often by lines of business (LOBs) outside the I&O organization — and have
become difficult to manage operationally.
User Advice: As CMP market volatility increases, IT organizations must:
■ Consider CMP vendor's viability along with evaluating features.

■ Consider native cloud services as an option versus CMPs if you favor depth with an individual
cloud provider versus depth across different cloud providers.
■ Augment, swap out or integrate additional cloud management or traditional management tools
for many requirements, because no vendor provides a complete cloud management solution.
■ Standardize, because deriving value from your CMP will depend heavily on the degree of
standardization offered by the infrastructure, software and services.
■ Set realistic expectations on deployment times, as mature organizations implement CMP in a
relatively short period (one to two years); however, less mature organizations may require two or
more years to design effective, repeatable, and automatable standards and processes.
■ Plan for new roles, such as cloud architects and cloud service brokers (CSBs), including
developing skills in the infrastructure and operations organization, financial management and
capacity management.
Business Impact: Enterprises will deploy CMPs to increase agility, reduce the cost of providing
services and increase the likelihood of meeting service levels. Costs are reduced and service levels
are met because CMP deployments require adherence to standards, as well as increased
governance and accountability. Desirable IT outcomes include:
■ Policy enforcement (e.g., on reusable standard infrastructure components)

■ Reduced lock-in to public cloud providers, although at the cost of CMP vendor lock-in which
can slow innovation
■ Enhanced ability to broker services from various cloud providers and to make informed
business decisions on which providers to use

■ Ongoing optimization of SLAs and costs

■ Management of SLAs and enforcement of compliance requirements
■ Accelerated development, enabling setup/teardown of infrastructure that mimics production,
resulting in lower overall infrastructure costs and higher quality
Sample Vendors: Cisco; Red Hat; RightScale; Scalr; VMware
Recommended Reading: "IaaS Cloud Management Tool Selection Methodology"
"Market Trends: Multicloud Usage Will Drive Cloud Management Platform Growth"
"Magic Quadrant for Cloud Infrastructure as a Service, Worldwide"
Cloud Migration
Definition: Cloud migration is the process of planning and executing the movement of applications
or workloads from on-premises infrastructure to external cloud services, or between different
external cloud services.
Position and Adoption Speed Justification: The process of cloud migration requires:
■ Setting business objectives for the migration

■ Determining what workloads can be moved to an external cloud service (or moved from one
such service to another)
■ Planning how to best migrate those workloads
■ Executing the migration
■ Learning to operate in the new cloud model
The tools for actually executing workload discovery and movement are relatively mature. However,
most organizations lack the expertise to appropriately plan and execute a migration. Migration
service providers — typically public cloud infrastructure managed service providers (MSPs) that can
provide other managed and professional services in addition to the migration-related services —
can help guide customers through this process, but MSP experience and capabilities vary widely.
Furthermore, organizations often struggle with the transformational aspects of cloud operations,
which can result in technically successful migrations that fail to meet business objectives.

User Advice: Organizations should objectively evaluate their ability to conduct a cloud migration on
their own, versus leveraging an MSP. While customers sometimes migrate to SaaS without the
assistance of an MSP, almost all successful large-scale migrations to IaaS and PaaS are done in
conjunction with an MSP. Most MSPs target hyperscale integrated IaaS and PaaS providers, such
as Amazon Web Services and Microsoft Azure. When these providers are used, workloads are
typically migrated to a mixture of their IaaS and PaaS offerings. Experienced MSPs can help IT
leaders think through their objectives and determine what the end state looks like from a technical
and organizational perspective. They have a well-structured "migration factory" process, and can
provide the strong project management and technical staff needed to execute a migration in a
timely fashion. Enterprise architecture and technology leaders typically guide the selection of an
MSP, and oversee the migration effort.
I&O leaders that elect to perform their own migration should consider purchasing cloud migration
tools; this can decrease the time, effort and cost of the migration, compared to manual efforts or
writing your own scripts. These tools can also aid in moving workloads between cloud providers, or
from a cloud provider back on-premises, although these use cases are rarely seen. I&O leaders
must clearly define their use cases and understand that vendor strengths will vary, as well as ensure
that the migration tools selected are consistent with their existing management software (such as a
cloud management platform or backup/archiving tool).
Application leaders should also consider what approach is best for modernizing an existing
application. A rehosting without modification might be easiest, but it might bring fewer benefits than
replatforming, refactoring, rebuilding, or replacing the application.
Business Impact: Relatively few organizations have fully completed large-scale "all in" cloud
migrations — migrations that allow the organization to close down most or all of its data centers —
as such migrations typically take two to three years for midsize organizations and five years or more
for enterprises. A complex SaaS implementation can take up to a year. However, migrating a single
application can be accomplished in days or weeks, depending on the application's complexity.
Furthermore, many organizations that migrate applications to IaaS, with the help of an experienced
MSP, are able to accomplish the majority of the migration within the first nine months. The
organizations that achieve the greatest cost savings with infrastructure migration typically have high
degrees of standardization, or are willing to adopt greater standardization in order to significantly
lower labor costs via automation. Many organizations realize significant agility benefits, especially
the benefits of greater self-service and developer empowerment.
Sample Vendors: Accenture; CloudEndure; Cloudreach; Racemi; Rackspace; RiverMeadow;

Veeam; Zerto
Recommended Reading: "Getting Help Implementing Cloud IaaS"
"Choose the Right Approach to Modernize Your Legacy Systems"

"Developing a Public Cloud IaaS Adoption and Migration Framework"
"Building the Right Justification for Moving to the Cloud"
"A High-Level Framework for Planning Your Migration to Public Cloud Services"
Integrated IaaS and PaaS

Analysis By: Lydia Leong; Yefim V. Natis
Definition: Integrated infrastructure as a service (IaaS) and platform as a service (PaaS) (also known
as IaaS+PaaS, or integrated cloud platform services) is the business and technology arrangement
where IaaS and PaaS capabilities are offered as a unified portfolio of services. The degree of
integration may vary, but includes the use of a single self-service portal and catalog, shared identity
and access management, a single integrated low-latency network context, unified security, and
unified billing.
Position and Adoption Speed Justification: IaaS and PaaS are naturally complementary, causing
IaaS providers to expand into PaaS and the more ambitious PaaS providers expand into IaaS,
natively or through partnerships. Integrated approaches allow users to combine different models of
system and application infrastructure within a unified environment.
IaaS and PaaS represent a continuum, and an increasing number of capabilities in the market have
characteristics of both. Within that continuum reside options that offer different balances between
the responsibilities of the provider and the responsibilities of the customer, as well as the degree of
transparency in the implementation. Furthermore, a greater degree of automated management is
being introduced into both IaaS and PaaS.
Today, most integrated IaaS+PaaS providers focus on high-control capabilities, such as compute
instances (VMs, OS containers, or bare-metal servers) and other infrastructure resources that may
have some form of automated management, or cloud software infrastructure services (typically
middleware services with varying degrees of automation). However, high-productivity application
PaaS is likely to become an important part of these service portfolios as well. Offering both IaaS
and PaaS as a unified service allows the provider to offer multiple intermediate options in an
integrated manner, simplifying the selection and facilitating efficient use for the customers.
Most customers that use a hyperscale integrated IaaS+PaaS provider, such as Amazon Web
Services or Microsoft Azure, have adopted a blend of the provider's IaaS and PaaS capabilities;
IaaS resources are typically supplemented with cloud software infrastructure services. Indeed, the
availability of this broad portfolio of services is a key aspect of choosing a strategic cloud platform
provider.
The complexity and level of investment required to offer a full, integrated portfolio of multifunctional
PaaS and IaaS services will likely limit the vendor options in this market to a handful of
megavendors. Some of the megavendors will form ecosystems, allowing smaller PaaS specialists to
be included in this market. However, the maturity of this technology will be primarily dependent on
the capabilities of the megavendors.

User Advice: CIOs, CTOs, IT leaders and planners:
■ Combine IaaS and PaaS capabilities in both cloud-native and legacy migration projects to
expand your design and deployment options. In some cases, this may involve using capabilities
from multiple cloud providers.
■ Consider integrated IaaS+PaaS providers to be long-term application platforms. They should be
managed as such, with appropriate attention to potential application portability issues.
■ When looking at the combined use of IaaS and PaaS, carefully examine capabilities, benefits,
and risks of all candidate services separately. Do not assume that all services of the provider are
of the same maturity, functional completeness or quality of service.
■ Evaluate the degree of business and technology integration between IaaS and PaaS services. It
can range from minimal to seamless, and can produce substantial differences in operations and
costs of the project.
■ When considering a smaller specialist PaaS provider, give extra credit to those that are
multicloud and, therefore, can be colocated with multiple larger suites of IaaS+PaaS
capabilities.
Business Impact:
■ A well-functioning combination of IaaS and PaaS will offer enterprises a more natural, flexible
and comprehensive ramp-up path to cloud computing and, consequently, will increase the rate
and scope of adoption of cloud by mainstream IT.
■ The integration of IaaS and PaaS allows customers greater flexibility to come into a cloud
environment, with the balance of control and ease of use that suits their needs at the time, and
to shift that balance in either direction as their needs evolve.
■ Vendors also benefit from IaaS+PaaS — those coming from IaaS and those specialized in PaaS
increase their customer value proposition and ability to compete when covering the broader set
of capabilities. Because only the largest vendors are able to offer their own implementations of
both IaaS and PaaS, the increasing popularity of IaaS+PaaS will contribute to the trend of PaaS
market consolidation.
Sample Vendors: Amazon Web Services; Google Cloud Platform; Microsoft Azure
Recommended Reading: "Technology Insight for Integrated IaaS and PaaS"
"Not Just PaaS: Know and Use the Cloud Platform Continuum"

Cloud Center of Excellence

Definition: A cloud center of excellence (CCoE) is a central IT team, under the supervision of an
enterprise architecture and technology innovation leader, that is focused on providing cloud
strategy, best practices, and governance for the organization as a whole.
Position and Adoption Speed Justification: A CCoE is usually the most effective way for most
organizations to achieve organizationwide cloud governance. It is focused on providing cloud best
practices — preferably expressed not just in documentation, but also templates and other
infrastructure-as-code mechanisms — as well as serving as an internal cloud consulting practice
that delivers cloud architecture and recommended solutions. It also partners with the sourcing team
to provider cloud vendor management, including cloud service expense management. The CCoE
achieves success by ensuring that the "path of least resistance" for cloud use is also the path that
is well-governed and meets the organization's security and regulatory compliance requirements.
Although it is responsible for developing and enforcing cloud computing policies, it primarily
influences, rather than controls.
Many organizations that have adopted cloud services have created a CCoE, but most such CCoEs
are not yet mature. Most cloud migration service providers strongly recommend that customers
create a CCoE, and will assist customers in doing so. CCoEs are typically small, and depend on
educating and influencing the architects and other technical professionals throughout the
organization who are actually implementing the use of cloud services. The CCoE helps guide an
organization's cloud journey, as cloud use grows within an organization, and the organization
understands the best practices for cloud usage that are specific to its business needs. In most
cases, the CCoE, governance approach, and best practices must evolve with the business and its
cloud use.
User Advice: A CCoE should be led by a chief cloud architect, and staffed by cloud architects.
Typically, these architects have:
■ An enterprise architecture background

■ An excellent understanding of application development
■ A practical understanding of operations
■ Some knowledge of cloud services
■ A strong knowledge of the business
■ Good relationships with business as well as IT management
The chief cloud architect typically also leads a cross-functional cloud computing policy committee
that contains representatives from the business; technical end-user teams (such as the application
development teams); infrastructure and operations; and sourcing, security, compliance, risk
management, and legal teams. Some organizations hire an individual contractor with very strong
knowledge of their primary cloud services to lead their CCoE, but such an individual needs an

enterprise architect partner who has very strong knowledge of the business and the necessary
cross-functional relationships. Do not understaff the CCoE, since this can be a major threat to its
influence and success. If the organization has a rapidly growing number of cloud projects, it may be
wise to open head count for CCoE architects well in advance of demand, since there is significant
competition for this skill set.
A CCoE frequently chooses governance tools and sets policies, but is often not responsible for
operating those tools, and may not be responsible for implementing the policies. In organizations
that utilize significant self-service — especially decentralized organizations — the CCoE must
maintain strong developer relations in order to both evangelize existing best practices, as well as to
continuously collect best practices from these teams. The CCoE frequently facilitates knowledge
sharing between these technical end-user teams.
Business Impact: The CCoE is the hub of the cloud community within an organization, and it must
build and foster that community. It is a critical part of helping the organization mature its use of
cloud computing. The CCoE holds together the disparate ways that an organization might adopt
cloud computing, through its centralization of cloud knowledge, best practices and common tools,
as well as its active outreach throughout the organization. The CCoE function may also be closely
aligned to the internal cloud service brokerage (CSB) function.
Nearly all organizations that use cloud services can benefit from a CCoE. In smaller organizations,
the CCoE function may be performed by a single cloud architect. A single CCoE can serve both
modes of bimodal IT, but will likely have different best practices for each mode; and the most
successful CCoEs are typically more focused on business agility than cost reduction.
Recommended Reading: "Preparing the In-House IT Organization for Public Cloud"
"Analyzing the Role and Skills of the Cloud Architect"
Climbing the Slope
Cloud Office
Analysis By: Jeffrey Mann
Definition: "Cloud office" refers to a collection of the most broadly used suites of SaaS-based
personal productivity, horizontal collaboration and communication tools. The suites generally
include email, IM, file sharing, conferencing, document management and editing, search and
discovery, and collaboration. Microsoft Office 365 and Google G Suite are the primary examples.
The broad term "cloud office" is a general term. The name "Microsoft Office" refers to a specific set
of products.

Position and Adoption Speed Justification: The cloud office technology profile has advanced
quickly along the Hype Cycle as enterprise adoption grows and the technologies become well
understood. While progress is steady with approximately 30% to 40% of enterprises having made
the move, the scale and volume of cloud office projects can lead to frustration. Migrations can
prove difficult and some organizations fail to realize all of the potential value that these suites can
provide.
Microsoft and Google have been investing heavily to attract enterprises to their cloud office
offerings, and they are responsible for most of the enterprise deployments. Other vendor offerings
include IBM Connections Cloud, Amazon WorkDocs/WorkMail/Chime and Zoho Office Suite.
Enterprises are making the move because of general preference for cloud deployments and the
desire to reduce costs, redeploy IT staff, drive simplicity and provide more functionality to users.
Vendors provide their most attractive new features — such as mobile apps, content discovery tools
and artificial intelligence — from cloud deployments only.
User Advice: For digital workplace leaders:
■ Be realistic about compliance and legal concerns. Do not assume that there is a rule preventing
you from moving to a cloud office supplier without first investigating the matter by working with
legal counsel. Gartner finds that many assumptions about legal restrictions are due to
unnecessarily wide interpretations.
■ Look beyond a "like for like" deployment that focuses only on recreating previous on-premises
functionality from the cloud. Although this can be a good initial step, investigate the unique
capabilities of cloud office suites to improve digital dexterity, efficiency and innovation.
■ Plan specific efforts to address user adoption by focusing on user change management. It is
usually not obvious how to use the new capabilities to increase effectiveness. Employees will
benefit from assistance and guidance, perhaps from more advanced colleagues, as a part of the
digital dexterity initiative.
■ All organizations must take a position on cloud office deployment, even if it is a decision not to
move, or not to move yet. An active decision is better than delay.
■ Look to cloud office suites as a source for continuous innovation in a form that is relatively easy
to adopt. Innovations like every day AI, cross-tool integration, and better meetings are likely to
come from cloud office products.
■ Ignore self-serving vendor migration pressures, but develop plans based on enterprise
requirements and strategies.
Business Impact: The wide scope of cloud office workloads (especially email) means that this
technology will potentially affect everyone in the organization. These suites support a wide variety of
styles of collaboration including video, conversational, and social as well as the more conventional
email and IM. While overall adoption is in the 30% to 40% range, most organizations have made a
plan or specifically decided to put off making a move, which will be difficult to avoid in the longer
term.

Sample Vendors: Amazon; Google; IBM; Microsoft; Zoho
Recommended Reading: "Office 365, G Suite or Other Cloud Office Initiatives Primer for 2018"
"Maximize the Value of Office 365 or G Suite by Making It Part of a Digital Workplace Program"
"Use a People-Centered Approach to Manage Cloud Office Migration for Business Value"
"Implementing Microsoft Office 365: Gartner Survey Results and Analysis, 2018"
"Checklist for Microsoft Office 365 or Google G Suite Migration Planning"
iPaaS
Analysis By: Massimo Pezzini
Definition: Integration platform as a service (iPaaS) is a cloud service that supports application,
data and process integration requirements, usually involving a combination of cloud-based, on-
premises, mobile and IoT endpoints. iPaaS delivers a mix of capabilities typically found in classic
integration software and, increasingly, in API management platforms. IT departments and lines of
business leverage these capabilities to develop, manage and execute integration processes —
increasingly in the context of hybrid integration platform strategies.
Position and Adoption Speed Justification: iPaaS offerings are primarily used for SaaS and
cloud-data integration, but increasingly also for API publishing and management, mobile app
integration, data management and Internet of Things (IoT) scenarios. A growing number of
organizations have also adopted iPaaS as a complement to, or replacement for, traditional
integration platform software to support on-premises application, data and B2B integration projects.
This often happens in the context of an integration strategy that aims at hybrid integration platform
(HIP) and self-service delivery models to support a range of integration personas (such as
integration specialists or ad hoc and citizen integrators).
Tens of thousands of organizations, of all sizes and in all vertical industries and geographies, have
so far adopted iPaaS offerings, therefore providers' revenue is skyrocketing (close to 70% growth in
2017). The market includes many specialist players (Dell Boomi, Jitterbit, SnapLogic, Workato) as
well as established integration providers (Informatica, Software AG, TIBCO Software). The iPaaS
offerings of megavendors (IBM, Microsoft, Oracle, SAP and now also Salesforce) are having a
significant impact on the market, primarily via cross-selling to established clients.
iPaaS functionality is available as stand-alone offerings, but also often as an "embedded" feature in
a variety of cloud services. This will favor adoption, although it may result in some duplication of
technology for organizations with multiple, uncoordinated buying centers.

Driven by the explosion of innovative and time-constrained digital business initiatives, and pushed
by the marketing machines of the megavendors, iPaaS adoption will continue to grow quickly both
in SMBs and large organizations. Barriers to this adoption will include:
■ Growing market fragmentation

■ Bifurcation between enterprise iPaaS providers (broad use-case coverage) and domain-specific
iPaaS players (focused on verticals, or ecosystems), which may create confusion in the market
■ The dubious viability of some pure-play providers
User Advice: Compelling iPaaS value propositions include ease of use (expected to further improve
via the recent introduction of AI, ML and NLP techniques), fitness with cloud-centric integration
requirements, self-service via cloudstreams (prepackaged integrations), and lower entry and IT
operation costs. iPaaS's greater flexibility and range of functionality than with traditional integration
platforms also appeals to prospects.
Application leaders responsible for modernizing their integration infrastructure should position iPaaS
as:
■ The integration platform of choice for midsize organizations moving to the cloud and for
"greenfield" integration initiatives
■ A quick-win approach to well-defined use cases, typically via the tactical adoption of domain-
specific iPaaS offerings
■ An opportunity to enable application developers, SaaS administrators or even business users to
occasionally perform integration tasks in a self-service fashion (ad hoc and citizen integrators)
■ A viable option for a variety of "adaptive" integration projects with low budgets, severe time
constraints, and informally defined and incrementally formulated requirements
■ A complement to traditional integration platforms for a wide range of integration scenarios, via
the adoption of enterprise iPaaS offerings — increasingly in the context of HIP strategies and to
support bimodal approaches to integration
Application leaders should, however, think strategically but act tactically in their iPaaS acquisitions,
because market changes are likely to happen during the next three to five years (if not earlier) as it
progressively moves toward saturation. Many of the current providers will be acquired; retrench into
narrow, more defensible niches; reposition; or simply go out of business.
Business Impact: The use of iPaaS offerings will help application leaders to:
■ Support the any-to-any, pervasive integration challenge posed by digital transformation

initiatives; typically, as a complement to a broader HIP
■ Reduce the time to value for new cloud services, via faster integration
■ Increase business process efficiency
■ Integrate faster and more easily with business partners

■ Enable business innovation through API publishing, mobile apps, IoT integration and other
emerging use cases such as robotic process automation, event-stream processing and digital
integration hub architectures
Through iPaaS, the state-of-the-art application and data integration technology previously used only
by large organizations, is now also affordable for midsize businesses — enabling them to improve
the quality and agility of their business processes.
Sample Vendors: Dell Boomi; IBM; Informatica; Jitterbit; Microsoft; MuleSoft; Oracle; Scribe
Software; SnapLogic; Workato
Recommended Reading: "Magic Quadrant for Enterprise Integration Platform as a Service,

Worldwide"
"Technology Insight: Enterprise Integration PaaS"
Private PaaS
Analysis By: Yefim V. Natis; Paul Vincent
Definition: A private platform as a service (PaaS) is a type of PaaS that offers exclusive access to a
customer organization. Private PaaS may be established on-premises or hosted on a public IaaS by
the customer organization (self-managed). It can be managed by a service provider (provider-
managed), typically as an isolated-tenancy (dedicated) rendition of a public PaaS available from the
same provider.
PaaS framework software products are designed as supporting technology to set up a private self-
managed PaaS.
Position and Adoption Speed Justification: "Private PaaS" is a name that has been often
attributed — incorrectly — to simply a deployment of a PaaS framework software, like Pivotal
Application Service or Red Hat OpenShift Container Platform, or a less-opinionated container
management software, like Mesosphere DC/OS or Pivotal Container Service. Container
management on-premises is a progressive development for most organizations, it delivers greater
agility and efficiency to the organization's IT. But it does not automatically deliver the cloud benefits
associated with PaaS — standardization, separation of concerns, elastic scalability and self-service.
Private PaaS is associated foremost with the separation of providers of services and the
subscribers. There must exist a platform operations team that is independent of the development
team that subscribe to the platform services. In a self-managed environment, both the operations
and the development teams belong to the same organization. In the provider-managed scenario the
operations and the development teams are different companies (the provider and the customer). In
both scenarios, a portal must isolate the two sides (the operations and development teams) and the

provider does not offer any customer-specific services, only a standard list, available equally to all
qualified subscribers. Such organizational discipline is hard to enforce in most self-managed
deployments; the provider-managed option is more likely to deliver true cloud PaaS experience in a
private context.
Growing popularity and production experience of organizations with PaaS framework and container
management software have led most organizations to a more realistic understanding of what
outcomes and experiences are available with that technology and the associated necessary
investments. Some organizations have succeeded in establishing the firm separation of the
providers and subscribers of the PaaS capabilities. Others have simply settled on the better
operation IT environment. The greater sense of reality for self-managed private PaaS and the
increasing use of the provider-managed (dedicated) private PaaS — both lead to overall increasing
maturity of private PaaS deployments, advancing it toward the Plateau of Productivity.
User Advice: Application Leaders, CIOs, CTOs, IT leaders and planners should:
■ Plan private PaaS initiatives in the knowledge that true cloud outcomes are not achieved
through technology alone, but require changes to the IT organization, its culture, processes,
policies and operations.
■ Where feasible, choose public cloud services; recognize that establishing a private PaaS is not
a trivial exercise — it will require a lot more effort, skill and experience than subscribing to a
public PaaS service.
■ When determined to establish a private PaaS environment, understand that taking the provider-
managed (dedicated) private PaaS approach is more likely to deliver the desired cloud
outcomes.
■ Recognize that software that is suitable for enabling a private PaaS environment is also suitable
for building a modern, continuous DevOps environment. Distinguish between these two
objectives and understand their priorities to make the most of the technology available and
avoid unnecessary costs and disappointments.
Business Impact: Private PaaS offers access to some of the benefits of cloud computing for
organizations that are concerned about public cloud maturity, security and quality of service, or the
vendor lock-in. It positions these organizations for gradual transition to hybrid and public application
platform options. Thus, private PaaS accelerates cloud adoption by the more-conservative
mainstream enterprises. It also opens the customer organizations to potential multicloud presence
to reduce vendor lock-in.
Sample Vendors: Docker; IBM Cloud Dedicated; Mesosphere; Oracle Dedicated Compute Classic;
Pivotal; Red Hat

Recommended Reading: "How Private PaaS Can Begin to Transform Your IT"
"2018 Planning Guide for Cloud Computing"
"The Key Trends in PaaS, 2018"
"Not Just PaaS: Know and Use The Cloud Platform Continuum"
Public Cloud Storage

Analysis By: Raj Bala
Definition: Public cloud storage is IaaS that provides block, file and/or object storage services
delivered through various protocols. The services are stand-alone, but often are used in conjunction
with compute and other IaaS products. The services are priced based on capacity, data transfer
and/or number of requests. The services provide on-demand storage and are self-provisioned.
Stored data exists in a multitenant environment, and users access that data through the block,
network and REST protocols provided by the services.
Position and Adoption Speed Justification: Public cloud storage is a critical part of most
workloads that utilize public cloud IaaS, even if it's often invisible to end users. In fact, the default
volume type used for virtual machines on some providers is SSD-based block storage.
Unstructured data is frequently stored in object storage services for high-scale, low-cost
requirements, but end-users are often unaware of the underlying storage type being used. However,
the market for public cloud storage is becoming less invisible to end users as cloud providers begin
offering more traditional enterprise brands with data management capabilities of storage systems
found on-premises.
User Advice: Do not choose a public cloud storage provider based simply on cost or on your
enterprise's existing relationship with the provider. The lowest-cost providers may not have the
scale and operational capabilities required to become viable businesses that are sustainable over
the long term. Moreover, these providers are also unlikely to have the engineering capabilities to
innovate at the rapid pace set by the leaders in this market. Upheaval in this market warrants
significant consideration of the risks if organizations choose a provider that is not one of the
hyperscale vendors, such as Alibaba, Amazon Web Services, Google and Microsoft. Many of the
Tier 2 public cloud storage offerings that exist today may not exist in the same form tomorrow, if
they exist at all.
Utilize public cloud storage services when deploying applications in public cloud IaaS
environments, particularly those workloads focused on analytics. Match workload characteristics
and cost requirements to a provider with equivalently suited services.
Business Impact: Public cloud storage services are among the bedrock that underpins public
cloud IaaS. Recent advances in performance as it relates to these storage services have enabled

enterprises to use cloud IaaS for mission-critical workloads in addition to new, Mode-2-style
applications. The security advances allow enterprises to utilize public cloud storage services and
experience the agility aspects of a utility model, yet retain complete control from an encryption
perspective.
Maturity: Mature mainstream
Sample Vendors: Alibaba Cloud; Amazon Web Services; Google; IBM; Microsoft; Oracle;
Rackspace; Virtustream
Recommended Reading: "Magic Quadrant for Public Cloud Storage Services, Worldwide"
SaaS Administrative ERP

Analysis By: Mike Guay
Definition: SaaS administrative ERP focuses on financial management, human capital management
(HCM) and indirect procurement. Some organizations deploy administrative ERP capabilities as a
corporate "backbone," which some industries augment with industry-specific functionality. SaaS
(cloud) administrative ERP does not include remote hosting, where ownership remains with the
customer, or private cloud. In postmodern ERP strategies, SaaS administrative ERP can be
supported either using solutions from multiple vendors or a single-vendor suite.
Position and Adoption Speed Justification: Public cloud SaaS is now the preferred deployment
model for new HCM, finance and indirect procurement capabilities across industries and
organization sizes. Gartner predicts that, through 2020, SaaS HCM and financial revenues will
continue to grow at 7% annually.
Currently, organizations of all sizes are adopting a strategic approach to sourcing all their
administrative ERP capabilities as SaaS. In the last few years, there has been an increase in
adoption of SaaS core financial management applications by organizations with revenues in excess
of $1 billion. Organizations with revenues in excess of $5 billion are still early adopters, but SaaS is
the preferred option when replacing these capabilities, even in these organizations. Vendors like
Oracle and Workday are aggressively marketing their SaaS administrative ERP suites, while the
maturity of solutions from specialist vendors across all aspects of administrative ERP continues to
grow.
User Advice:
■ Organizations need to make decisions about cloud deployment options in the context of their
overall postmodern ERP strategy (see "Adapt Your ERP Strategy to Support a Digital Platform").

■ When adopting SaaS applications, organizations need to build the necessary processes and
skills for quality assurance and adoption of new features that come with the frequent automatic
updates. This means reducing and managing customizations and preparing the user community
(see "Adapting Your IT Strategy for a Cloud-Dominated Business Application Environment")
■ Organizations need to educate users about the benefits of a standardization approach.
Adopting the standardized capabilities in SaaS administrative ERP solutions requires a shift in
the mindset of many business users, especially when they have used highly customized
applications. Identify key decision makers and influencers from finance, HCM and procurement,
and support these changes.
■ SaaS vendors make much of the "low cost" of public cloud offerings. However, total cost of
ownership (TCO) for public cloud administrative ERP has not been proven to be lower than that
for on-premises and hosted alternatives. It is therefore important to undertake a detailed TCO
analysis spanning at least two renewal cycles (often six to 10 years) to provide a clear
estimation of subscription and support costs, as compared with alternatives.
■ Moving administrative ERP capabilities to the public cloud will require new integration skills and
technologies to support feeder systems linked to HCM, financials and procurement (see "How
to Create an Integration Strategy That Supports Postmodern ERP").
Business Impact: Public cloud SaaS administrative ERP offers the opportunity to standardize
business processes, reduce customization and improve operating efficiencies. Organizations will
also have the opportunity to "reset" administrative processes and adopt new ways of working,
supported by a new generation of SaaS applications coupled with process best practice templates
from system integrators and vendors.
Moving to the public cloud also makes it easier to adopt the new functionalities required to support
new regulatory requirements, because vendors can deliver these more rapidly than with an on-
premises model. This can be of significant benefit to administrative functions, especially those
within finance and HR.
Sample Vendors: Acumatica; Epicor Software; FinancialForce; Microsoft; Oracle; Sage; SAP;
Ultimate Software; Unit4; Workday
Recommended Reading: "Finance Moving to the Cloud: The Steps to Take and the Benefits You
Can Expect"
"How and Why to Move HCM to the Cloud"
"Key Steps to Moving Your Procurement and Sourcing to the Cloud"
"Magic Quadrant for Cloud HCM Suites for Midmarket and Large Enterprises"

"Magic Quadrant for Cloud Core Financial Management Suites for Midsize, Large and Global
Enterprises"
"Magic Quadrant for Procure-to-Pay Suites"
"Application Leaders Must Deal With Hybrid Reality: Staffing and Skills for the Cloud-Based
Application Organization"
Application PaaS
Analysis By: Paul Vincent; Yefim V. Natis
Definition: An application platform as a service (aPaaS) is a cloud platform service that offers
application development and deployment environments. There are high-productivity and high-
control types of aPaaS. Some are multifunction, embedding services like databases. Others focus
on programming code environments and rely on other specialized PaaS (xPaaS) for additional
services.
Position and Adoption Speed Justification: The aPaaS market is served by all the cloud
megavendors and many independents. The megavendors, such as Amazon Web Services,
Microsoft and Salesforce, are pursuing megaPaaS strategies and moving to complete their
coverage of high-control and high-productivity aPaaS. Independent vendors offer specialized or
multifunction capabilities. Some aPaaS have evolved from on-premises development platforms or
cloud SaaS, and there is increasing support for hybrid on-premises and multicloud options.
The largest aPaaS vendor is Salesforce, which supports a SaaS plus PaaS model and high
productivity plus high control. It is the No. 1 aPaaS vendor by some margin (with revenue of $1.8
billion in 2017), the No. 2 for PaaS, and the No. 3 for application infrastructure and middleware.
Salesforce is continuing to grow fast in the aPaaS sector through training programs and its app
store ecosystem.
Other megavendors were late to the aPaaS market, especially for high-productivity aPaaS. It is no
coincidence that the independents are mostly thriving in the high-productivity sector traditionally
overlooked by legacy platform vendors.
The aPaaS market achieved a compound annual growth rate of over 20% over the past three years.
This contrasts with the traditional platform middleware market's compound annual decline of 1.6%.
The maturation of aPaaS technologies marks the beginning of mainstream de facto usage by
enterprise and departmental IT teams. Enterprise adoption of aPaaS offerings in general is
increasing and steadily moving toward the Plateau of Productivity, with cloud-native capabilities
replacing traditional on-premises monolithic application technology. There are competitive threats to
high-control aPaaS from self-assembled container-based platforms, PaaS frameworks and
serverless function PaaS (fPaaS): aPaaS in general has yet to shift to the serverless model that will
provide opacity of underlying infrastructure and maturity. Today, the combination of high-control and
high-productivity aPaaS fulfills the majority of requirements for new and modernized applications.

User Advice: Application leaders, CIOs, CTOs, IT leaders and planners should:
■ Use cloud-native platforms, including aPaaS, as strategic platforms for all new and modernized
applications. Although aPaaS is still evolving, avoiding it risks limiting agility and innovation, as
the familiar "legacy" platforms of past decades are inelastic. aPaaS offerings provide cloud-first,
cloud-native best practices, and should be the primary components of a hybrid application
platform portfolio.
■ Consider both high-control and high-productivity aPaaS for appropriate use cases. High-control
aPaaS is suitable for mesh app and service architecture (MASA) and high-performance
miniservices and microservices, as opposed to "bare bones" container infrastructure as a
service (cIaaS) offerings. High-performance aPaaS is suitable for more common enterprise use
case patterns and where three-month delivery schedules are more important than specialized
services or extreme performance. Blend both types for maximum flexibility in terms of
technologies, development skills and speed of application delivery.
■ Consider cloud-enabled application platforms or PaaS frameworks, such as Cloud Foundry and
OpenShift, as alternatives to aPaaS where high-control hybrid, multicloud or edge application
services are desired.
■ Augment or replace high-control aPaaS with fPaaS when they require variability in compute
resources and are not concerned with infrastructure for professional coders' applications. They
should, however, note that fPaaS is still a new platform type.
■ Favor strategic providers that offer integrated access to, and management of, high-productivity
and high-control aPaaS capabilities, as well as other specialized xPaaS, SaaS and/or IaaS (as
required across projects).
■ When planning aPaaS-centered initiatives, give special consideration to integration needs. Web-
scale IT will demand continuous change, extension and integration. Vendor reliability in terms of
backward-release compatibility should also be assessed.
Business Impact: Public aPaaS changes the model of IT software engineering from full-stack
responsibility to a focus on the business content of applications. This, in turn, encourages a shift in
IT organization, processes, skills and culture from infrastructure-centric to business-centric. The
benefit of adopting aPaaS to replace traditional on-premises development and production
management of applications is at least moderate. It may be high or even transformational when
used in conjunction with, or in support of, agile and associated methodologies. In these cases,
aPaaS gives IT teams new time-to-market advantages and ready access to cloud-native
technologies.
Sample Vendors: Google; Kony; Mendix; Microsoft; Oracle; OutSystems; Quick Base; Salesforce;
SAP; ServiceNow

Recommended Reading: "Platform as a Service: Definition, Taxonomy and Vendor Landscape,

2016"
"Market Guide for Application Platforms"
"Magic Quadrant for Enterprise High-Productivity Application Platform as a Service"
"Establish Guidelines for Selecting Cloud Platform Services"
"The Key Trends in PaaS, 2018"
Cloud Computing
Analysis By: David Mitchell Smith
Definition: Cloud computing is a style of computing in which scalable and elastic IT-enabled
capabilities are delivered as a service using internet technologies.
Position and Adoption Speed Justification: Cloud computing is a very visible and hyped term,
and has passed the Trough of Disillusionment. Cloud computing remains a major force in IT. Every
IT vendor has a cloud strategy — although many aren't cloud-centric, and some are better
described as "cloud inspired." Although users are unlikely to completely abandon on-premises
models, there is continued movement toward consuming more services from the cloud and enabling
capabilities not easily done elsewhere. Much of the focus is on agility, speed and other non-cost-
related benefits.
"Cloud computing" continues to be one of the most hyped terms in the history of IT. Its hype
transcends the IT industry and has entered popular culture, which has had the effect of increasing
hype and confusion around the term. In fact, cloud computing hype is literally "off the charts," as
Gartner's Hype Cycle does not measure amplitude of hype (that is, a heavily hyped term such as
"cloud computing" rises no higher on the Hype Cycle than anything else).
Although the peak of hype has long since passed, cloud still has more hype than many other
technologies that are actually at or near the Peak of Inflated Expectations. Variations, such as
private cloud computing and hybrid approaches, compound the hype, and reinforce that one dot on
a Hype Cycle cannot adequately represent all that is cloud computing. Some cloud variations (such
as hybrid IT and now multicloud environments) are now at the center of where the cloud hype
currently is.
User Advice: User organizations must demand clarity from their vendors around cloud. Gartner's
definitions and descriptions of the attributes of cloud services can help with this. Users should look
at specific usage scenarios and workloads, map their view of the cloud to that of potential
providers, and focus more on specifics than on general cloud ideas. Understanding the service
models involved is key.
Vendor organizations should focus their cloud strategies on more specific scenarios and unify them
into high-level messages that encompass the breadth of their offerings. Differentiation in hybrid

cloud strategies must be articulated. This will be challenging, as all are "talking the talk," but many
are taking advantage of the even broader leeway afforded by the term. "Cloudwashing" should be
minimized. Gartner's Cloud Spectrum can be helpful.
Adopting cloud for the wrong reasons can lead to disastrous results. There are many myths
surrounding cloud computing as a result of the hype (see "The Top 10 Cloud Myths") for details and
advice.
Business Impact: The cloud computing model is changing the way the IT industry looks at user
and vendor relationships. Vendors must become providers, or partner with service providers, to
deliver technologies indirectly to users. User organizations will watch portfolios of owned
technologies decline as service portfolios grow.
Potential benefits of cloud include cost savings and capabilities (including concepts that go by
names such as "agility," "time to market" and "innovation"). Organizations should formulate cloud
strategies that align business needs with those potential benefits. Agility is the driving factor, most
of the time.
Sample Vendors: Amazon; Google; IBM; Microsoft; Oracle; Red Hat; Salesforce; SAP
Recommended Reading: "Cloud Computing Primer for 2018"
"The Top 10 Cloud Myths"
"Four Types of Cloud Computing Define a Spectrum of Cloud Value"
Platform as a Service (PaaS)

Analysis By: Yefim V. Natis; Paul Vincent
Definition: Platform as a service (PaaS) is a type of a cloud offering that delivers application
infrastructure (middleware) capabilities as a service. Gartner tracks multiple types of PaaS (xPaaS),
including, among many more, application platform as a service (aPaaS), integration PaaS (iPaaS),
API management PaaS (apimPaaS), function PaaS (fPaaS), business analytics PaaS (baPaaS), IoT
PaaS and database PaaS (dbPaaS). PaaS capability can be delivered as a provider-managed or
self-managed, multitenant or dedicated.
Position and Adoption Speed Justification: The time of rampant hype and confusion about the
promise and nature of PaaS is behind us, although some confusion remains, brought about by the
blurring boundaries between PaaS on one hand and IaaS and SaaS on the other. Mainstream users
have been gaining real value from PaaS deployments and a growing number of organizations are
making long-term plans for PaaS projects, replacing their reliance on on-premises and IaaS+

initiatives and seeking new relationships with megaPaaS vendors. The increasing maturity of PaaS
offerings overall, the fast-improving execution by IT megavendors (including Microsoft, Amazon
Web Services [AWS], Google, SAP, Salesforce, IBM and Oracle), the growing market acceptance of
the smaller xPaaS innovators (including Dell Boomi, Mendix, Kony, Informatica, Pegasystems,
OutSystems, StereoLOGIC, C3C IoT and many others), the momentum of SaaS and IaaS
introducing PaaS to more organizations, the emerging born-on-the-cloud xPaaS capabilities (such
as fPaaS) that are inherently cloud-only — all of these trends are increasing customers' confidence
and advancing adoption of PaaS overall toward the Plateau of Productivity. Some specific xPaaS
categories have already reached the maturity of mainstream adoption, including aPaaS, iPaaS,
dbPaaS and others.
User Advice: Application Leaders, CIOs, CTOs and IT leaders and planners:
■ Build new business software utilizing PaaS offerings to gain expertise in cloud-native
experience, to take advantage of the continuous innovation common to cloud environment, to
gain high quality of service, including high availability, disaster recovery and security, and to be
prepared for the next wave of business and technology innovation that will mostly be cloud-
native and often cloud-only.
■ Look beyond just the application development using aPaaS. A mature PaaS can provide
application platform, integration, event processing and stream analytics, IoT, business process
management, portal, database management, in-memory data grids, business analytics,
contextual data discovery, and other middleware services. The PaaS market can be as diverse
in functionality as the traditional platform and middleware market, and it can support a broad
variety of project types.
■ When public cloud is not an acceptable option, consider the provider-managed (dedicated or
local) virtual private PaaS ahead of the self-managed private. Self-managed private PaaS is
often too hard to carry out, for organizational and cultural reasons. The provider-managed
virtual private PaaS can be a suitable alternative.
■ Choose comprehensive PaaS (megaPaaS) providers when looking to consolidate some cloud
business relationships, but avoid exclusive commitments to retain the technical and business
ability to incorporate PaaS capabilities of multiple providers.
■ To build a dependable platform strategy and reduce vendor lock-in, consider PaaS for initiatives
that build on your commitments to SaaS or IaaS providers — in preference to embedded
platform features.
Business Impact: The relationship between the vendors and their customers changes dramatically
with transition to the cloud, where the vendors shift from just the role of the manufacturers of
software to that of active facilitators of their customer's platform operations. Responsibilities, costs,
skills, organization and culture of enterprise IT (and business operations) undergo a transformation.
IT vendors and users that delay strategic adoption of cloud platform technology, architecture and
organization, are at risk of losing loyalty of their customers. Customers that delay adoption of cloud
platform services (PaaS), will find themselves with expensive vendor lock-in and chaotic handling of
their hybrid technology environment.

Sample Vendors: Amazon Web Services; Dell Boomi; Google Cloud Platform; IBM Cloud; Mendix;
Microsoft Azure; Oracle Cloud Platform; OutSystems; Salesforce Platform; SAP Cloud Platform
"Innovation Insight for Platform-as-a-Service Suites (MegaPaaS)"
Cloud-Testing Tools and Services

Analysis By: Joachim Herschmann; Thomas E. Murphy
Definition: Cloud-testing tools and services involve the use of cloud technology to support testing
from or in the cloud. This includes cloud-based lab management, service virtualization, on-demand-
delivered testing tools and device clouds. This term also covers support for large-scale load and
performance tests, strong technology coverage (e.g., middleware, message formats, security
protocols) and the ability to work across applications using a mixture of technologies.
Position and Adoption Speed Justification: Cloud-testing solutions have become commonplace
in performance and load testing, including performance monitoring. In addition, cloud-based
solutions for functional, usability and user experience testing, as well as cross-browser, cross-
platform and mobile testing, have gained strong traction in the market. The demand created by
mobile-first and omnichannel delivery initiatives has created a strong demand for web, mobile web
and mobile device testing options in the cloud. This includes visual testing, such as comparisons of
how applications render on different end-user devices and browsers.
In many cases, cloud-testing tools supplement existing on-premises testing solutions. But the
balance continues to shift as larger parts of DevOps toolchains are delivered from the cloud. The
cloud model has become widely accepted and is fast becoming an integral part of the software
delivery pipeline. Cloud-based testing solutions are both accelerating the adoption of automated
testing and becoming integral parts of testing tool portfolios.
User Advice: Several use cases exist for these products. However, primary consideration should be
based on lab scalability and the ability to match production use scenarios in a realistic way. For
companies looking to control the costs of lab setup and maintenance of tool licenses, cloud-testing
tools and services provide good choices. They are especially relevant in cases where the use of
testing tools is seasonal. They are also a good option for companies that lack tools and rely on
manual testing, enabling these companies to move to automation and best-practice behavior.

Integrate cloud-based testing tools into an agile delivery pipeline to further accelerate development
and testing of applications. Consider cloud-delivered, scalable and automated on-demand test labs
as part of a DevOps strategy. Full success requires that testing organizations also develop mature
change management and testing practices.
For performance testing, consider whether there are readily available machines that have already
been purchased. These may be easier and less expensive for smaller-scale internal testing that
doesn't require a heavy load. Here, it's important to understand the costs and benefits of in-house
provisioning versus the cloud. It is crucial to clearly define the objectives of moving a particular
testing project to the cloud.
Business Impact: Moving test labs to use a virtualized infrastructure in private and public clouds
can reduce the cost of management, hardware, software and power. At the same time, it can be the
crucial element that is needed to reach the goal of continuous delivery. Hosted tools increase the
ability to run more tests more frequently, which reduces production errors and system failures.
Cloud-based software provides more flexible billing and capacity, which must be balanced against
usage profiles. This flexibility is viable for all organizations, regardless of the development methods
they use.
Sample Vendors: CA Technologies; Experitest; IBM; Microsoft; Neotys; Perfecto; Sauce Labs;
SmartBear; SOASTA; Testbirds
Recommended Reading: "Build Continuous Quality Into Your DevOps Toolchains 2018"
"Adopt a 'Shift Left' Approach to Testing to Accelerate and Improve Application Development"
"IT Market Clock for Application Development, 2017"
Infrastructure as a Service (IaaS)

Definition: Infrastructure as a service (IaaS) is a standardized, highly automated offering in which

computing resources owned by a service provider, complemented by storage and networking
capabilities, are offered to customers on demand. Resources are scalable and elastic in near real
time and metered by use. Self-service interfaces, including an API and a graphical user interface
(GUI), are exposed directly to customers. Resources may be single-tenant or multitenant, and are
hosted by the service provider or on-premises in a customer's data center.
Position and Adoption Speed Justification: Cloud IaaS is a mainstream technology that can be
used to host most workloads, including mission-critical enterprise applications. Customers must

still pay careful attention to selecting an appropriate provider, architecture and security controls, and
are responsible for proper governance.
The best use of IaaS is transformational, where it can offer significant benefits in business agility,
operations quality and cost. IaaS is frequently used to improve developer productivity and agility,
and can facilitate continuous integration/continuous deployment (CI/CD), and the use of
"infrastructure as code," including immutable infrastructure.
IaaS is increasingly used as a general substitute for data center infrastructure, and may drive
improved operations, efficiency and cost savings. In this context, it is typically used to host
traditional business applications, and may even host complex enterprise applications, such as ERP.
Although growth of the market outside of the U.S. has been slower — non-U.S. competitors have
been much weaker, with immature and limited offerings, and regulatory and data-sovereignty
requirements may require keeping data and processing in-country — global demand is robust. Non-
U.S. adoption continues to accelerate as the market leaders open data centers in more countries.
User Advice: The cloud IaaS provider market has bifurcated. Hyperscale integrated IaaS and PaaS
providers dominate the market, and a single vendor (Amazon Web Services) holds a commanding
market share lead. The nonhyperscale providers have largely been relegated to specialized
scenarios — primarily scenarios that require deep support for legacy technologies, or that have
specific location requirements that cannot be met by a hyperscale cloud provider. In general, the
hyperscale providers offer a broad range of capabilities, and can meet enterprise requirements for
availability, performance, security, regulatory compliance, service and support. The other providers
also generally offer high-quality services, though these services are more limited in scope.
Businesses can safely adopt these services. The risks are not significantly greater than with other
outsourced hosting approaches, assuming the cloud services used match the service levels and
security needs of the applications.
Most enterprises have begun to adopt IaaS strategically — and have a broad range of workloads on
IaaS, including production applications. Public cloud IaaS now represents more than 15% of overall
workloads. Midmarket businesses are the most likely to believe that IaaS will replace nearly all of
their data center infrastructures during the next five years. Most businesses have at least piloted
IaaS, but those that have not done so should begin with new applications.
Both public multitenant and private single-tenant offerings are available; however, the distinction
between public and private cloud IaaS is blurring. The most cost-effective clouds are highly
standardized and use a shared capacity pool. There are hybrid public/private cloud offerings —
enabling "cloud bursting" for on-demand capacity and business continuity — however, this
technology is likely to remain confined to narrow niches.
In most cases, there are no technical barriers, and few contractual or business barriers, to using
cloud IaaS for a virtualizable x86-based application. Instead, IT leaders should ask themselves
whether cloud IaaS is the best possible solution for an application. In many cases, organizations
should consider using both IaaS and PaaS, preferably from a cloud provider that offers integrated
IaaS and PaaS, rather than IaaS alone.

Business Impact: Cloud computing infrastructure services are broadly advantageous for IT
organizations. The cost benefits, driven primarily by automation, are particularly significant for small
and midsize businesses (SMBs). Larger enterprises benefit primarily from greater flexibility and
agility, although they can potentially also achieve cost reductions.
The benefits of IaaS have been driven primarily by the developer empowerment that comes from
self-service, the flexibility offered by on-demand infrastructure, and the quality and efficiency of
automation. Over time, system management tasks have become increasingly automated, leading to
more-efficient infrastructure management. Organizations that simply "lift and shift" workloads to the
cloud will reap limited cost and efficiency benefits, compared with those that use IaaS to drive IT
transformation.
The metered-by-use attribute of these services will result in more-efficient use of capacity, and their
self-service nature will empower employees outside IT operations. This will improve developer
productivity and make it easier for business buyers to obtain infrastructure.
Sample Vendors: Alibaba Cloud; Amazon Web Services; Google (Cloud Platform); IBM; Microsoft
(Azure); Oracle; Skytap; Virtustream
Recommended Reading: "Technology Insight for Cloud Infrastructure as a Service"
"Technology Insight for Integrated IaaS and PaaS"
Cloud Security Assessments

Analysis By: Jay Heiser; Khushbu Pratap
Definition: The buyers and sellers of public cloud services need standardized ways to assess
provider security and continuity. Formal assessments are performed by independent evaluators,
that are authorized by an authentication body to use published control standards and process
guidelines to evaluate service provider security posture, and publicly share their findings.
Position and Adoption Speed Justification: Every globally active Tier 1 cloud service provider
(CSP), such as Amazon Web Services (AWS), Box, Dropbox, Google, Microsoft, Salesforce and
Workday, has completed several formal third-party security assessments. Approximately half of the
growing number of Tier 2 cloud service providers have also undertaken at least one formal security
assessment (although rapid growth in the number of midsize CSPs continues to make this a difficult
estimation). Customer data from cloud access security broker vendors suggests that half of all SaaS
traffic is flowing to assessed vendors.

Formal evaluation is becoming a standard for CSPs that wish to provide services to enterprise
customers. Gartner anticipates that within several years, virtually all Tier 1 and 2 CSPs, representing
virtually all strategically significant providers, will successfully complete and maintain a cloud
security assessment.
User Advice: Cloud service buyers that desire useful levels of assurance for cloud service security
and reliability for the least cost and effort should use CSPs that have been verified through a
standards-based, third-party evaluation. By a significant degree, ISO/IEC 27001 and SOC 2 are the
two most widely recognized and available standards-based formal evaluations being used by cloud
service providers. Although they are not yet widely applied, Gartner anticipates that a growing
number of cloud security assessments will include evaluation of controls from the ISO/IEC 27017
cloud security standard, and the ISO/IEC 27018 cloud privacy standard, which will ensure that the
assessment process addresses cloud-specific security concerns. Organizations handling credit card
data must use services that have successfully undergone a Payment Card Industry Data Security
Standard (PCI DSS) evaluation, and U.S. federal agencies should be using services that have
undergone the Federal Risk and Authorization Management Program (FedRAMP) evaluation
process. In all cases, higher levels of assurance can be attained by requesting a copy of the
detailed findings report from the third-party evaluator and thoroughly reviewing it against the
specific needs and risks of your use case.
If a formal third-party evaluation is not available from a service provider, then the buying
organization should at least ensure in writing that the CSP is meeting a minimum expected set of
controls. Ask for a complete response to one of the published cloud risk questionnaires. De facto
standard templates available from Shared Assessments, the Cloud Security Alliance and the U.S.
FedRAMP program. These are constructed in the form of yes-no questions; however, in critical use
cases, much more detailed risk assessment information can be obtained by replacing the binary
"Do you?" with "How do you?" This approach cannot provide the level of rigor and assurance
typical of a formal third-party evaluation.
Most Cloud Application Security Broker (CASB) tools include a Cloud Application Discovery
capability that scores the risk relevance of cloud service providers, and several Security Ratings
Service vendors also provide scores indicative of estimated CSP security posture. While the full
accuracy of these scoring mechanisms remains an open question, they are being used by a growing
number of Gartner clients to help determine the security acceptability of CSPs that have not
undergone a formal third-party evaluation.
Do not automatically assume that all cloud services must meet the same security standards. Tier 3
cloud service providers are typically not being used in strategically important ways, so their lack of
formal security assessment is usually acceptable.
Business Impact: The impracticality of conducting a resource-intensive manual risk assessment

process has historically inhibited the cloud computing market, and it is becoming awkwardly
obvious that questionnaires take too much effort to provide too little risk-relevant information. The
use of formal cloud risk evaluation is proving increasingly beneficial in reducing the market friction
caused by concerns over security and the current lack of transparency, and it serves as a signal to
prospects that the provider intends to continue investing in security. Formal security assessments

allow cloud buyers to concentrate on the functional aspects of the available services, without having
to waste time in fruitless exercises to determine whether the CSP is "secure" or not.
Sample Vendors: Coalfire; Deloitte; EY; KPMG; PwC; Schellman
Recommended Reading: "Inform Your Cloud Service Choice With Provider Maturity"
"Market Guide for Organization Security Certification Services"
"How to Evaluate Cloud Service Provider Security"
Entering the Plateau
IaaS+
Analysis By: Yefim V. Natis; David Mitchell Smith
Definition: IaaS+ is a platform deployment model where application infrastructure (platform)

software is deployed on an infrastructure as a service (IaaS), including instance IaaS and container
IaaS. In contrast to PaaS, here the cloud provider does not take ownership of the layers above IaaS
and does not manage the quality of service, versioning and administration of the application
platform software. IaaS may be offered with preinstalled, but not managed, application
infrastructure, forming the instances of IaaS+ or container IaaS+.
Position and Adoption Speed Justification: IaaS+ is often presented as PaaS because it
deceptively offers some of the same application infrastructure capabilities (such as application
platforms, DBMS or integration). But IaaS+ does not deliver the PaaS experience, cost patterns or
productivity. It is not PaaS, though "not PaaS" may be exactly what customers need when full
control of the technology stack is the objective, such as for hosting legacy applications in the cloud
or seeking assured multicloud portability.
IaaS+ can be the preferred choice for the high-control projects that look for access to the underlying
technology infrastructure and are equipped for the challenge. It may also be the first-choice option
for projects that seek to migrate existing on-premises software to the cloud with minimal disruption,
or for those planning for multicloud deployments, especially in the case of independent software
vendors (ISVs).
As more users have gained experience with both PaaS and IaaS+ models, it has become evident
that, for mainstream customers, the increased productivity and consistency of outcomes of PaaS
outweighs the added control and familiarity of IaaS+. At the same time, the improving
understanding of the reality of IaaS+ allows those that truly need the extra control to begin to

choose IaaS+ for its true merits. Thus, use of IaaS+ is solidifying in its specialized use cases
(assured multicloud, "lift and shift," unique technical requirements). The confusion between the two
approaches is mostly in the past. This trend is gradually bringing IaaS+ toward the Plateau of
Productivity.
User Advice: For application leaders, CIOs, CTOs, IT leaders and planners:
■ Choose IaaS+ when you want to maximize control over your application infrastructure, such as
for DBMS, application and integration platforms, and when you are prepared to maintain the
required in-house expertise.
■ Choose IaaS+ when retaining on-premises software and skills, or when hybrid and multicloud
deployment are high priorities.
■ Choose IaaS+ for development and test of applications intended for production deployment on-
premises to reduce the costs and to expedite production delivery of the applications.
■ Choose a container IaaS+ when looking to utilize the agility and efficiency of OS containers and
delegate container orchestration and management, while retaining control of the application
infrastructure.
■ Choose a PaaS if you are looking for reduced complexity or increased productivity of
provisioning, management and administration for IT projects.
■ Plan for applications developed and deployed with the use of IaaS+ to achieve their ROI targets
within the next two to three years, enabling you to re-evaluate the choice between IaaS+ and
PaaS in the future.
Business Impact: For many organizations, use of IaaS+ serves as the initial step toward PaaS. It is
the least disruptive means of initial cloud adoption by established IT organizations. Its limited
platform efficiency and productivity are balanced by a greater degree of control over the operating
environment and greater portability with the on-premises skills and software (compared with PaaS).
Some advanced users take advantage of the extra levels of control in IaaS+ and build advanced
solutions, including some new PaaS capabilities. Others use IaaS+ for development and test of
applications targeted at on-premises deployments and for migration of existing software off-
premises. ISVs and some others use IaaS+ to assure multicloud portability of their applications.
Sample Vendors: Amazon Web Services; CenturyLink; Google (Cloud Platform); IBM (Cloud);
Microsoft (Azure); Oracle (Cloud Platform); Rackspace
"Technology Insight for Integrated IaaS and PaaS"

Software as a Service (SaaS)

Analysis By: Jay Heiser
Definition: SaaS is an application model in which the software is owned, delivered and managed by
the provider. It uses a pay-for-use or subscription model, with a consistent version of the application
simultaneously offered to multiple customers. SaaS is overwhelmingly delivered through a multi-
tenant public cloud model, although some applications are available as a single-tenant or on-
premises version.
Position and Adoption Speed Justification: With almost 20 years of steadily increasing
significance, SaaS has established itself as the normal delivery model for many application types,
including CRM and HCM. Preferring the cash flow benefits of subscription over licensing, almost all
application vendors have expressed an intent to make SaaS their primary, and usually exclusive,
delivery model. Although a significant minority of enterprise customers still questions the
appropriateness of a multi-tenant public cloud delivery model, virtually all organizations are making
significant use of SaaS today. However, SaaS has not been established as the norm for all forms of
software, including highly strategic applications such as ERP for manufacturing operations. SaaS as
a concept should be considered as having reached the Plateau of Productivity, but the transition
toward cloud-based application services is still arguably at its midpoint. The utilization of SaaS, and
the maturity of many existing offerings, will continue to evolve rapidly for at least another 10 years.
User Advice: SaaS should be a first preference when considering new application capabilities,
unless there are specific reasons not to such as concern for data residency requirements or
complex integration requirements. If you want to help your organization make the most effective use
of SaaS, you should use the following practices:
■ Give up on the idea that the IT department will control application choice and usage. IT can no
longer be fully in charge of the organization's digital destiny, and instead will increasingly be in
the role of internal consultant or broker for applications that are the primary responsibility of the
lines of business.
■ Treat SaaS as the first and preferred option for application capabilities, but prepare your
organization for changes in business processes as a result.
■ Embrace standard SaaS offerings, even if it means giving up some capabilities.
■ Build a culture of continuous improvement to take advantage of upgrades while minimizing
negative impact. Updates of SaaS applications will occur, and you will not have control over
them.
■ Develop policies and processes to govern the entire SaaS application life cycle, from approval
through operations to obsolescence.

■ Create a SaaS competency center to centralize and share SaaS-specific knowledge and
practices for procurement, negotiation, provisioning, use, support, continuity and customization.
Business Impact: The one-size-fits-all model of SaaS represents a form of discipline that is almost
impossible to emulate within an IT department that is inevitably pressured into countless
modifications and changes that escalate software costs. SaaS does not require a capital investment
in hardware and licenses, which further reduces its initial costs. In subsequent years, however, SaaS
may be more expensive than traditional software offerings because the operating expense remains
consistent over time. Future demands to customize or integrate SaaS applications are usually more
expensive than comparable modifications of traditional software, and may be impossible.
SaaS is a perfect choice for organizations that do not have the IT resources to deploy and maintain
on-premises software. This is prevalent in small or midsize businesses, as well as in large
enterprises with limited capabilities in their IT departments or business units. SaaS enables
companies or business departments to get to live-deployment status more quickly, especially when
deploying less complex applications. On an ongoing basis, SaaS provides more agility for making
changes through self-service interfaces and greater innovation because SaaS providers deliver
ongoing enhancements through the service. SaaS is also a great option for organizations to test or
experiment with new ideas that may or may not be fully implemented or continued.
The downside of SaaS is that usage tends to sprawl, with organizations paying for a larger set of
services and seats than are necessary. Unfortunately, the best practices for the control of SaaS, and
the associated toolset, remain relatively immature.
Sample Vendors: Box; Dropbox; Google; Microsoft Office 365; Oracle; Salesforce; ServiceNow;
Slack; Workday
Recommended Reading: "How to Plan for Resiliency in the Cloud"
"SaaS SLAs: Reduce Risk and Improve Service by Negotiating These Key Terms"
"Toolkit: Minimize SaaS Risk and Cost by Efficiently Negotiating Optimal Contract Terms and
Conditions"
"Market Trends: The Transformative Impact of SaaS on the Software Market"
"Developing Your SaaS Governance Framework"
"5 Preparation Steps to Optimize SaaS Negotiations"
"Toolkit: Agile SaaS Acquisition Using Gartner's Triage Methodology"
"Guide to Gartner's Research on SaaS Security"

"Magic Quadrant for Cloud Access Security Brokers"
"Competitive Landscape: Software Asset Management Tools"
Appendixes
Figure 3. Hype Cycle for Cloud Computing, 2017
Source: Gartner (August 2017)

Hype Cycle Phases, Benefit Ratings and Maturity Levels

Table 1. Hype Cycle Phases
Phase Definition
Innovation Trigger A breakthrough, public demonstration, product launch or other event generates significant
press and industry interest.
Peak of Inflated During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized
Expectations activity by technology leaders results in some successes, but more failures, as the
technology is pushed to its limits. The only enterprises making money are conference
organizers and magazine publishers.
Trough of Because the technology does not live up to its overinflated expectations, it rapidly becomes
Disillusionment unfashionable. Media interest wanes, except for a few cautionary tales.
Slope of Focused experimentation and solid hard work by an increasingly diverse range of
Enlightenment organizations lead to a true understanding of the technology's applicability, risks and
benefits. Commercial off-the-shelf methodologies and tools ease the development process.
Plateau of Productivity The real-world benefits of the technology are demonstrated and accepted. Tools and
methodologies are increasingly stable as they enter their second and third generations.
Growing numbers of organizations feel comfortable with the reduced level of risk; the rapid
growth phase of adoption begins. Approximately 20% of the technology's target audience
has adopted or is adopting the technology as it enters this phase.
Years to Mainstream The time required for the technology to reach the Plateau of Productivity.
Adoption
Table 2. Benefit Ratings
Benefit Rating Definition
Transformational Enables new ways of doing business across industries that will result in major shifts in industry
dynamics
High Enables new ways of performing horizontal or vertical processes that will result in significantly
increased revenue or cost savings for an enterprise
Moderate Provides incremental improvements to established processes that will result in increased revenue
or cost savings for an enterprise
Low Slightly improves processes (for example, improved user experience) that will be difficult to
translate into increased revenue or cost savings

Table 3. Maturity Levels
Maturity Level Status Products/Vendors
Embryonic ■ In labs ■ None
Emerging ■ Commercialization by vendors ■ First generation
■ Pilots and deployments by industry leaders ■ High price
■ Much customization
Adolescent ■ Maturing technology capabilities and process ■ Second generation

understanding
■ Less customization
■ Uptake beyond early adopters
Early mainstream ■ Proven technology ■ Third generation
■ Vendors, technology and adoption rapidly evolving ■ More out-of-box methodologies
Mature ■ Robust technology ■ Several dominant vendors

mainstream
■ Not much evolution in vendors or technology
Legacy ■ Not appropriate for new developments ■ Maintenance revenue focus
■ Cost of migration constrains replacement
Obsolete ■ Rarely used ■ Used/resale market only
Gartner Recommended Reading

Some documents may not be available as part of your current Gartner subscription.
"Understanding Gartner's Hype Cycles"
"Cloud Strategy Cookbook"
"Cloud Computing Primer for 2018"
"Four Types of Cloud Computing Define a Spectrum of Cloud Value"
"Amazon on the Gartner Cloud Spectrum: Leveraging Pure Cloud Leadership"
"Predicts 2018: The Cloud Platform Becomes the Expedited Path to Value"
"Critical Capabilities for Public Cloud Infrastructure as a Service, Worldwide"

"Market Definitions and Methodology: Public Cloud Services"

GARTNER HEADQUARTERS
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096
Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM
For a complete list of worldwide locations,

visit http://www.gartner.com/technology/about.jsp
© 2018 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This
publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of
Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication
has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of
such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice
and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy.
Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and
Objectivity."

Gartner Cuadrant

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Gartner Cuadrant

Caricato da

Copyright:

Formati disponibili

This research note is restricted to the personal use of ebaron@taos.com.

Hype Cycle for Cloud Computing, 2018

Analyst(s): David Smith, Ed Anderson

This research note is restricted to the personal use of ebaron@taos.com.

Sliding Into the Trough.................................................................................................................... 30

Page 2 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Table 1. Hype Cycle Phases................................................................................................................. 78

Figure 1. Hype Cycle for Cloud Computing, 2018...................................................................................5

The Hype Cycle

Gartner, Inc. | G00340420 Page 3 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Page 4 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Figure 1. Hype Cycle for Cloud Computing, 2018

Source: Gartner (July 2018)

The Priority Matrix

Gartner, Inc. | G00340420 Page 5 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Figure 2. Priority Matrix for Cloud Computing, 2018

Source: Gartner (July 2018)

Off the Hype Cycle

Page 6 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

In this 2018 update, we made the following notable changes:

Site Reliability Engineering (SRE)

Gartner, Inc. | G00340420 Page 7 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Page 8 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Definition: Blockchain platform as a service (bPaaS) is a set of blockchain software platform

Gartner, Inc. | G00340420 Page 9 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Recommended Reading: "Market Guide for Blockchain Platforms"

"The Evolving Landscape of Blockchain Technology Platforms"

Cloud to Edge Development Support

Page 10 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Sample Vendors: AWS; Google; Microsoft

Gartner, Inc. | G00340420 Page 11 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Page 12 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Recommended Reading: "The Key Trends in PaaS, 2018"

"Innovation Insight for Serverless PaaS"

"Adding Serverless Computing and fPaaS to Your Cloud-Native Architecture Toolbox"

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2016"

Definition: Cloud tethering is an application delivery model in which a device-based application is

Gartner, Inc. | G00340420 Page 13 of 81

This research note is restricted to the personal use of ebaron@taos.com.

Page 14 of 81 Gartner, Inc. | G00340420

This research note is restricted to the personal use of ebaron@taos.com.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Sample Vendors: Adobe; Box; Concur Technologies; Dropbox; LinkedIn; Microsoft

Position and Adoption Speed Justification: Immutable infrastructure is typically used by