Kochar's concerns should be addressed over the next few years, says Daryl Plummer, managing vice president and fellow for IT consultancy Gartner. He says that by 2015, cloud vendors will understand that CIOs need to be able to audit cloud-based systems and receive guarantees about providers' liability should their systems experience failures. Such assurances will be injected into service-level agreements embedded in contracts. He also says that IT executives' calls for tools that help them govern how--and with whom--employees provision cloud resources will be answered.
Plummer adds that he expects to see "cloud brokerages," or intermediaries, emerge to help enterprises get what they need from the cloud.
That's good news for Douglas Menefee, CIO for The Schumacher Group, Lafayette, La., a physician-owned company with more than 1,500 employees that manages emergency departments for nearly 200 hospitals across the United States. Menefee has overseen an aggressive cloud strategy that has Schumacher running more than 80 percent of its business processes in cloud solutions today, many of them custom applications built using Salesforce.com's Force.com platform-as-a-service (PaaS) environment.
Menefee is looking at potentially moving the home-grown apps that run Schumacher's physician portal, SQL servers and development environment onto Amazon's EC2. Not that he doesn't allow conventional best-of-breed vendors to pitch for the company's business--he just rarely selects them. "Nine times out of 10," he says, "the cloud-based solutions are winning."
Despite his enthusiasm for the cloud, Menefee echoes Kochar: He would like more capabilities for governing cloud solutions, especially given Schumacher's expectation that accounting rules related to the cloud are likely to come under scrutiny in the coming years. Menefee also says cloud providers will need to lower the costs of contract renewals, as CIOs come under pressure to reduce what they spend with their vendors.
Neither of these issues represents Menefee's chief cloud concern. That honor goes to the challenges he faces on the identity management front, where havoc is being wrought by the numerous logins and passwords that employees need to access various applications. He's tackled the issue in part by deploying a single sign-on offering from Symplified. But, the burden of connecting the various services still falls heavily on IT. Menefee believes there's no reason that corporate cloud environments can't benefit from the same kind of identity verification processes used by Web 2.0 sites such as Facebook, which lets users tie third-party applications to their Facebook pages simply by using their Facebook logins.