Cloud Computing's Vendor Lock-In ConundrumBy Alexander Pasik, PhD
Cloud Computing's Pros and Cons: IEEE CIO Weighs In
According to the National Institute of Standards and Technology (NIST), cloud computing is a model for enabling on-demand access to a pool of computing resources that can be provisioned and released with minimal effort.
Furthermore, NIST categorizes cloud computing into three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Each has distinct advantages and disadvantages that impact the information technology (IT) efforts of an enterprise as well as its business practices and finances.
As the CIO's role evolves from pure IT service provider toward full partner in defining and executing enterprise strategies, you'll find yourself navigating those pros and cons of cloud computing.
The Service Models
The spectrum of cloud computing service models ranges from IaaS to PaaS to SaaS, with subtle variations in between. These models can be understood according to the increasing levels of IT services that each provides, along with the concomitant increasing levels of control that the enterprise must relinquish to the cloud provider.
IaaS providers deliver virtual server environments to the enterprise, upon which the IT department deploys all of the software layers it chooses.
PaaS providers deliver similar virtual server environments, but preloaded with specific operating systems, database systems, and development environments, thus decreasing the amount of effort needed by the IT department in setting up and maintaining those layers, but restricting the environments' use to development and deployment upon those layers.
SaaS providers deliver fully functional applications that are accessed by end users via thin clients like web browsers; they do not expose the underlying layers to the customers.
The spectrum of cloud computing service models offers an increasing collection of managed IT services with concomitant decreasing control and flexibility.
The three cloud computing service models all provide varying levels of economies of scale, impose varying degrees of vendor lock-in, and have their own issues with regard to systems integration among the various on-premise and cloud systems that are deployed. Furthermore, the suitability of cloud computing varies with regard to IT and business maturity.
Cloud Computing's Varied Economies of Scale
The value proposition for IT has always been economies of scale. IT enabled the growth of businesses by allowing for massive transaction speeds and volumes. In computing's early years, the expense associated with data centers resulted in time-sharing -- a few businesses investing in mainframes, and others buying processing and storage from them.
Microprocessors and storage in the 1980s resulted in a backlash against centralized data centers; since hardware was so cheap, why not localize IT and ignore any savings from reuse? However, by the 1990s it was clear that despite low-cost processing and storage, IT costs escalated dramatically due to the management and maintenance associated with highly distributed, unshared, and under-leveraged resources.
Cloud computing represents a return to time-sharing, but leveraging the advances of the last 30 years. All of the service models enable some economies of scale. In IaaS, the data center (real estate, power, cooling), the processing and storage hardware, and the firewalls and networks, are all shared among the cloud provider's clients. Fixed costs are distributed, resulting in savings that can be shared among the provider and clients. At the opposite end of the spectrum, SaaS providers run complete software applications designed for multitenancy -- adding a client to Google Apps does not require Google to roll out new servers, databases, and software specifically for that client. The economies of scale for such multitenant SaaS solutions can be enormous, often in excess of ten-fold savings.
As the spectrum of these economic benefits is large, it is important that CIOs considering cloud solutions realize that those economic benefits will be less (and perhaps non-existent) for IaaS. That is, whereas there are compelling non-economic arguments for IaaS, economies of scale are best realized via SaaS.
Cloud Computing's Vendor Lock-In Conundrum
As economies of scale improve, vendor lock-in issues are increasingly cumbersome. In IaaS environments, since the client maintains complete control of the software layers deployed on the provider's servers, it should be a straightforward exercise to migrate those virtual environments. However, the migration of an enterprise's financial systems running in a SaaS environment presents a substantial challenge. Nevertheless, it is important to note that this disadvantage of SaaS stickiness is no more onerous that the stickiness of equivalent on-premise solutions. Therefore, the vendor-lock-in spectrum should not be considered either an advantage for IaaS or disadvantage for SaaS based on their cloud nature.
Cloud Computing's Systems-Integration Challenges
Systems integration has always been a challenge for IT organizations. A proper implementation of a cloud solution should neither ease nor exacerbate this challenge. For IaaS, the burden on IT is to implement a hybrid cloud. That is, by implementing virtual environments on premise similar to the cloud provider's, the integration of systems should be handled similarly to traditional integration tasks.
For enterprises prepared to commit to a single development platform, PaaS solutions offer streamlined integration within the offered platform; however, integrating those systems with others involves not only traditional integration challenges, but also new ones involving the transformations between the on-premise and cloud environments.
With SaaS solutions, the cloud provider wholly controls each system. In some cases, they cannot be integrated with others at all. But, increasingly, SaaS providers are offering application programmer interfaces to enable integration. At a minimum, CIOs should insist on identity integration capability so that SaaS and on-premise systems can share single-sign-on features.
Overall, cloud-to-premise integration presents a growing challenge for hybrid environments and an emerging requirement for mature tools. There are some existing vendor offerings available, but the costs of these tools must be factored into the decisions.
Cloud Computing's Inertia Dilemma
An enterprise's size and maturity, or enterprise inertia, has a profound effect on its ability to exploit cloud computing. As enterprise inertia increases from infancy (start up) to mature (large enterprise with well developed IT exploiting virtualization), the ability to leverage the benefits of cloud computing starts high, then decreases, and then increases again.
Infant companies with no IT investment are ideally suited to forgo on-premise IT, immediately implementing cloud solutions. SaaS solutions can be selected for well-defined applications with PaaS or IaaS leveraged for custom systems.
On the other end of the inertia spectrum, mature enterprises having implemented a private cloud can easily extend into the public cloud for managing load requirements, data center expansion, or specific SaaS offerings.
The most difficult situation is encountered with adolescent enterprises invested in on-premise non-virtualized data centers with custom enterprise systems. These CIOs face the most daunting challenges with cloud solutions due to systems integration issues.
Cloud Computing's Security Questions
Finally, no conversation about the pitfalls of cloud computing is complete without discussing security. "How can you expect me to house my precious data in the cloud? It can't be as secure as in my data center under my control!"
The argument is powerful, despite its core flaw: an effective cloud provider, whose business is managing a multitenant data center, invests far more in security that an enterprise whose business is not data center management.
Indeed, it is akin to your money being safer in a bank than in your mattress. But, the psychological barrier still exists in the illusion of security within an enterprise's walls. Perhaps that fear can be mitigated with cloud insurance in which insurance against security breaches is available at discounted rates over similar insurance for on-premise data security. Such discounted rates should be available based on the level of investment in security technologies that the cloud provider maintains.
However, even if these barriers are overcome, satisfying security concerns, a remaining issue is the lag between reality and law. Specifically, even if it becomes obvious that data are more secure with a cloud provider than within an enterprise, archaic laws may demand on-premise data. Eventually, laws should reflect reality, but it will take time.
Cloud Computing's Future
Darwin's theory of natural selection works in technology markets. Although there are fluctuations in adoptions that lead to temporal suboptimality, eventually the market will select solutions that best fit the requirements of society.
The economic benefits of cloud computing will overwhelm the obstacles, demanding solutions that overcome them. There are pitfalls and caveats that CIOs and CEOs alike must beware of in adopting cloud computing, but the biggest mistake of all is to be left behind as competitors take advantage of this inevitable future of the IT industry.
About the Author
Alexander Pasik, PhD is CIO of the IEEE and Adjunct Associate Professor of Computer Science at Columbia University in New York City. You can reach him at firstname.lastname@example.org