Contracts in the Cloud

By Tony Kontzer  |  Posted 01-07-2011

Cloud Forecast 2015

In Summary

  • Who: IT leaders from Gartner, The Washington Post Co., The Schumacher Group, The Guardian Life Insurance Co. and others
  • What: Discussing their expectations and requirements for cloud computing to evolve
  • Why: To help shape your strategic business and technology decisions

At long last, the hype behind cloud computing has become reality. Companies of all sizes have discovered the benefits of the cloud and are flocking to it in all its forms--public, private, as-a-service, as-a-platform, as-an-infrastructure. Yet, even as enterprises step up their use of cloud computing solutions, numerous factors need to be resolved before the cloud becomes a viable option for mission-critical applications. By 2015, CIOs and other IT leaders interviewed by CIO Insight say they expect many of these issues to be sorted out. Specifically, in the next five years, maturity is expected in three key areas:

  • the contracts offered by cloud suppliers;
  • the tools to govern cloud resources; and
  • interoperability between cloud technologies.

(For top tips from these industry leaders, read Your Cloud Checklist for 2015.)

Many CIOs see the value in cloud-based products and services. At the same time, they're finely attuned to the cloud's shortcomings when it comes to delivering secure and reliable options to existing storage and application needs, especially for their mission-critical requirements. At the top of the wish list for Yuvi Kochar, vice president of technology and CTO for The Washington Post Co., is contract language that covers the service guarantees he seeks. Kochar staunchly supports using resources in the public cloud. But, he's increasingly concerned about the portability of the ever-growing volume of critical business data he's putting in the hands of cloud providers.

Kochar says he has no assurances that pulling data from providers will be as easy as giving it to them. "It's worrisome that we're all jumping on this thing," he says. "There are no contract agreements that talk about bandwidth when you're leaving, but they offer a lot when you're coming in."

Kochar has plenty of experience to back up his claims. He's overseen a flood of cloud deployments at The Washington Post. Applications ranging from performance management and recruitment automation to travel services and expense management have been handed over to a variety of niche software-as-a-service (SaaS) providers.

Web sites such as the recently sold Newsweek and the politician profile wiki have been entrusted to's Elastic Compute Cloud (EC2) on-demand computing service. Kochar also has been evaluating GoogleApps and Microsoft's Business Productivity Online Standard (BPOS) Suite as possible messaging and collaboration platforms, and he has seen the company's research and development group make good use of EC2 to fill temporary processing needs.

Given The Post's confidence in cloud technology, it's especially frustrating for Kochar that cloud vendors haven't begun offering the level of service guarantees their customers need. "Am I ready to put my ERP system in a public cloud environment with whatever promise Amazon might give me in an agreement?" he asks. "Probably not."

Improved service guarantees aren't the only thing Kochar wants to see from cloud providers. He says there's a "very intense need" for tools to monitor and manage applications in the cloud in real time. Without them, he has to rely on cloud vendors to report uptime and downtime statistics. Waiting for them to do so increases the risk of providing a poor customer experience. "If a story doesn't come up on a site fast enough," he says, "the reader's probably gone."

Contracts in the Cloud

Kochar's concerns should be addressed over the next few years, says Daryl Plummer, managing vice president and fellow for IT consultancy Gartner. He says that by 2015, cloud vendors will understand that CIOs need to be able to audit cloud-based systems and receive guarantees about providers' liability should their systems experience failures. Such assurances will be injected into service-level agreements embedded in contracts. He also says that IT executives' calls for tools that help them govern how--and with whom--employees provision cloud resources will be answered.

Plummer adds that he expects to see "cloud brokerages," or intermediaries, emerge to help enterprises get  what they need from the cloud.

That's good news for Douglas Menefee, CIO for The Schumacher Group, Lafayette, La., a physician-owned company with more than 1,500 employees that manages emergency departments for nearly 200 hospitals across the United States. Menefee has overseen an aggressive cloud strategy that has Schumacher running more than 80 percent of its business processes in cloud solutions today, many of them custom applications built using's platform-as-a-service (PaaS) environment.

Menefee is looking at potentially moving the home-grown apps that run Schumacher's physician portal, SQL servers and development environment onto Amazon's EC2. Not that he doesn't allow conventional best-of-breed vendors to pitch for the company's business--he just rarely selects them. "Nine times out of 10," he says, "the cloud-based solutions are winning."

Despite his enthusiasm for the cloud, Menefee echoes Kochar: He would like more capabilities for governing cloud solutions, especially given Schumacher's expectation that accounting rules related to the cloud are likely to come under scrutiny in the coming years. Menefee also says cloud providers will need to lower the costs of contract renewals, as CIOs come under pressure to reduce what they spend with their vendors.

Neither of these issues represents Menefee's chief cloud concern. That honor goes to the challenges he faces on the identity management front, where havoc is being wrought by the numerous logins and passwords that employees need to access various applications. He's tackled the issue in part by deploying a single sign-on offering from Symplified. But, the burden of connecting the various services still falls heavily on IT. Menefee believes there's no reason that corporate cloud environments can't benefit from the same kind of identity verification processes used by Web 2.0 sites such as Facebook, which lets users tie third-party applications to their Facebook pages simply by using their Facebook logins.

"They need those prebuilt connectors," says Menefee. "I don't want people coming to IT asking to build connectors. If we could just transfer the consumer Web into business, we'd be in great shape."

Cloud Integration Advances

Elsewhere, CIOs are seeking other cloud integration advances. Frank Wander, corporate CIO for The Guardian Life Insurance Co. of America, has implemented a variety of SaaS services, with the latest being ServiceNow's IT service-management application. Yet, when it comes to infrastructure, Wander believes establishing a virtualized private cloud is the right first step while waiting for infrastructure-as-a-service (IaaS) providers to be able to handle Guardian's complex environment.

In the meantime, he'd like to see tools for transferring workloads between a company's internal cloud and external cloud resources such as EC2, which he's considering tapping for temporary processing capacity to perform risk analysis. "That type of bridging software, where we could take a workload and move it into the cloud seamlessly, would be a great help," says Wander.

Help is on the way there, too, says Dan Kusnetzky, distinguished analyst with the Kusnetzky Group. Today, vendors backing standards such as VMware's Open Virtualization Format (OVF) and the Linux-centric kernel-based virtual machine (KVM) infrastructure claim their machines are the most reliable. By 2015, one or the other is likely to have established widespread acceptance, making the transfer of virtual machines much easier. "Those battles should have been fought by then," says Kusnetzky.

Meanwhile, Citrix Systems in October introduced a cloud-bridging tool, OpenCloud Bridge. However,  because it requires that both sides of the data transfer be running Citrix's NetScaler server technology, it's not compatible with many cloud services.

Even small companies find that the cloud can't do all they need. Mountz Torque, a San Jose, Calif.-based maker of custom fastening tools, moved its entire business onto NetSuite's small-business cloud service in 2006 after the vendor added a stock-management feature. Now, CFO Gregg Johnson, who also acts as the 60-employee company's one-man IT shop, says he wouldn't even consider bringing anything back in-house.

That said, he'd love to see NetSuite integrate with Success Factors, a cloud-based performance appraisal application Mountz recently began using. Given NetSuite's past willingness to add to its service for Mountz, it's likely the vendor will deliver on his wish, which will only strengthen his support for the cloud. "I don't see how anyone can go wrong with cloud computing," says Johnson.

A growing number of big-company CIOs agree, and as cloud vendors bend to their will with a steady flow of management tools, assurance-packed contracts and increased interoperability over the next few years, that number will only get bigger.