02 Oct Examining cloud maturity and adoption in the age of digital business
Cloud computing adoption strategies are wildly diverse. The public cloud, hybrid clouds and private clouds dot the landscape of IT based solutions. Best practices and commonalities about adoption are hard to find. We asked Daryl Plummer, vice president and Gartner Fellow, about the state of the market and how maturity and adoption are not always directly proportional.
Q:While cloud computing is at its core a very simple idea — consuming and/or delivering services from the cloud — there are many issues regarding the types of cloud computing and the scope of deployment that make the details not nearly so simple. What are some of the misconceptions around cloud?
Daryl: The biggest single misconception about cloud computing is that a company can come up with one cloud strategy for the entire enterprise. This is misguided. We are inundated with calls from clients about creating a cloud strategy who then say they don’t have a specific set of outcomes for cloud nor a specific project they are crafting the strategy to support. I say this is a scary way to go about planning for cloud computing.
Go back to the simple view. What you need to do is take it one service at a time. Once you know which services you are looking at using, you can create a strategy for implementing that service. Now, I know this is a horrifying thought for many IT directors. But the only way you will eventually have a good approach to cloud computing is to work from real world offerings. Other than that, any strategy you come up with will likely be overturned when you get into the deep end with the actual services.
There is another part to this dilemma that can help too. Instead of a definitive strategy, why not implement a decision framework for how you decide on cloud services, how you should engage the providers, and how you should govern the services. That matrix will start with things like what level of cloud service are we considering? If, at that level, then what outcomes are you seeking? And so on, and so on. Do this enough times and common characteristics start to emerge. Then you have the makings of a multi-part strategy that might hold up over time.
Q: Although the term “cloud computing” is relatively new, it incorporates derivations of ideas that have been in use for some time. Hosting, software as a service (SaaS) and virtualization are well established and are being used in many ways. As a result, some uses of cloud computing are mature, but outside that, maturity of many cloud-related technologies and concepts is spotty. What are some cloud-related technologies that CIOs and IT executives should be look at now and why?
Daryl: Cloud maturity is a journey, not a destination. You should not be looking at cloud-related technologies so much as cloud relationships. You need to have the right skills in place to coordinate cloud activities, not to run or manage cloud technologies. The common mistake many make is to think that cloud is mostly about infrastructure as a service (IaaS). This is a missed opportunity.
Cloud is really about setting up the right relationships with providers to have them deliver the outcomes your business needs. That means you have to have a lot of vendor managers, contract managers, people who govern the use of cloud services to make sure you are getting the best out of them. Those who spend their time trying to get more control of cloud services will feel cloud is less mature. Those who just work with the services that are out there and coordinate their use through governance feel cloud is already more than mature enough for them.
Q: Cloud security is also a hot topic of discussion. What are some of the things that CIOs be looking at to address and mitigate the privacy risks inherent to deploying a public cloud strategy, as well as how to remediate privacy risks of existing public cloud deployments.
Daryl: Contrary to the common view, cloud computing is more secure than on premises computing more often than not. Privacy, on the other hand, is a real challenge. In regions of the world where privacy is elevated to an issue of law, the cloud presents a problem of how to get local cloud services delivered. The use of services from other countries or from providers who are not required to live up to the regulations of a local region can be problematic as (as in Germany) you might be subject to prosecution for allowing a bit of personal data to leave the country or to be viewed inappropriately. The reaction to this has been that many providers are now building, partnering, or buying access to local data center resources to deliver their services. While this will not eliminate the privacy concerns, they will localize them.
As for security, the irrational fear of cloud security is being replaced with a more considered view of what security means to us. Now, companies are asking for risk models to evaluate how to handle securing the cloud. Gartner’s risk assessment model does exactly that. It allows a company to set up a level of risk that is acceptable and then to reduce the risk around them down to that acceptable level at a known cost. In the long term, cloud security will continue to improve but will also be plagued by more visible security failures. I say again, cloud security is better, in most cases, than on premises security in large enterprises. That doesn’t mean that we should ignore the risk.
Mr. Plummer will provide more analysis during the Gartner Symposium/ITxpo session, “The Cloud Computing Scenario.”