How mature is the cloud computing market?

Cloud computing in all its forms is attracting a growing following, but without more standardisation and regulation many corporate IT leaders may remain unswayed, writes Martin Courtney

Microsoft’s European Azure cloud services are hosted at its new datacentre in Dublin, one of the biggest of its kind in the world

Analysts are more or less unanimous in predicting a bright future for cloud computing, forecasting that many companies will move individual or multiple applications and services out of their own IT department and into hosted, on-demand environments over the next five years.

Backing up this view, a survey of 200 European chief information officers commissioned by networking and storage vendor Brocade earlier this year found that more than a quarter of large companies were planning to migrate some element of their internal IT infrastructure to a cloud model within the next two years, 11 per cent within one year.

Meanwhile, research giant IDC estimates that globally companies currently spend £10.7bn a year on cloud IT services, with the market predicted to reach £27bn by 2013.

By 2014, the UK alone is expected to account for 29 per cent of that investment, according to Gartner, with financial services and manufacturing industries, telecoms and public sector buyers at the forefront of cloud adoption.

The analyst splits demand for cloud computing services into three distinct categories: software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).

Categories of cloud IT service provision
The SaaS model has been around longest and is generally well understood. It sees the cloud provider license an application to customers to use only when they need it. The on-demand app is either hosted at the provider’s datacentre or downloaded to the customer’s systems, and usage is disabled once the licence or contract expires.

Perhaps the best-known example of a firm offering this model is on-demand customer relationship management (CRM) specialist Salesforce.com, but the range of SaaS apps available to firms is growing all the time, and includes office productivity (Google Apps), databases (Amazon SimpleDB), messaging and calendaring, online marketing, security, anti-spam, e-commerce, backup, web design and content management.

IaaS typically involves leasing entire system or datacentre infrastructure components, usually server compute cycles and storage, but including networks, and even virtualised platforms optimised for running virtual machines. Grid and utility computing modelsusually fit the IaaS definition, as do online storage services.

Examples include Amazon’s Elastic Compute Cloud, as well as GoGrid and many other specialised compute-on-demand services from vendors such as HP, IBM and Sun Microsystems.

“Using IaaS eliminates the capital expenditure needed when deploying infrastructure or large-scale applications in-house,” says Marion Howard-Healy, author of the report Competing in the Clouds: Emerging Strategies for Enterprise Data Centres, published by IT and telecommunications research and consultancy firm Broadgroup in June. “It enables companies to deal with peak demands and avoids over-provisioning [of IT resources].”

Some vendors have devised software stacks that allow developers to lease all the resources needed to build and test applications for delivery over cloud computing architectures on a pay-per-use basis. Dubbed platform-as-a-service (PaaS), these usually include not just application development software, workflow, development, testing and hosting tools, but also the underlying compute, storage and network resources needed to create web apps from scratch and deliver them over the internet – all available as a single service accessed via the web. Google’s App Engine and Microsoft Azure are among the best-known PaaS products on the market, while Salesforce.com’s Force.com is a good example of a more niche offering, in this case CRM.

“Using PaaS speeds up time to market [for application developers] and eliminates the needs for ISVs and enterprises to invest in and manage underlying infrastructure, but it does mean less flexibility and risks vendor lock-in,” points out Howard-Healy.

EasyJet is using Microsoft’s Azure.Net service to develop its new departure control system, for example, and plans to use the same platform to serve up data feeds for external software developers to access easyJet’s flight availability data.

Some of the larger vendors, including HP, Microsoft and Google, provide multiple instances or all of the above services platforms, bundling their wares into “everything as a service”, or EaaS. Another variation is communications-as-a-service (CaaS), which is less of a cloud service and more of an outsourced model for enterprise communications delivery. CaaS providers usually offer so-called unified communications (UC) packages, which typically comprise voice over IP, instant messaging, videoconferencing and collaboration tools, on a pay-as-you-go basis. The CaaS service provider gives the customer all the hardware and software it needs to establish UC and charges for usage based on the SaaS model.

Broadgroup has also identified sub- processes within the above cloud computing models, most notably business-process-as-a-service, which defines how individual corporate departments, such as human resources, outsource the IT operations supporting specific processes to a cloud service provider.

Public vs private vs hybrid clouds
In all the above cases, the applications or services can either be hosted and delivered by external providers (public cloud) or a centralised IT function that emulates public cloud service provision using internal IT infrastructure (private cloud), primarily for the sake of greater data privacy and security.

Examples of public cloud services are Google Apps, Amazon Web Services and most SaaS models. The government’s recent G-Cloud initiative – a centralised application store, hosted and run within government datacentres but delivering commercial software to public sector organisations – is one example of how a private cloud is at least supposed to work.

Elements of public and private cloud service provision are sometimes combined into hybrid clouds. These could involve Web 2.0 or business-critical applications hosted and supplied by a public cloud provider that integrate with customer data hosted within the customer’s own datacentre, for example. Or where applications are hosted within the private cloud, but access data that industry regulation or data privacy laws do not prevent from being stored within public cloud environments.

In many ways, all three types mirror the application service provider (ASP) model widely used 10 years ago, but Andy Burton, chairman of the Cloud Industry Forum, and also chief executive of UK web hosting company Fasthosts, argues there are a number of important distinctions between cloud and ASP approaches.

“The difference now rather than when we talked about the ASP model back then is that the managed services and applications were proprietary to individual vendors, and built around the conventional wisdom of remote access,” says Burton. “The cloud today is a dynamic infrastructure base where software exists independently of the hardware.”

ASPs also required contractual price and expectations, rather than allowing the customer to pay for resources on demand.

“For example, Fasthosts historically sold infrastructure on dedicated boxes that were invariably from the high end of the hardware spectrum, and customers would have to accept it even if they were not going to utilise all that capacity up front,” says Burton. “In the cloud infrastructure, they just buy what they need today, and ramp up capacity as and when they need it.”

How mature is the cloud computing market?

Cloud computing in all its forms is attracting a growing following, but without more standardisation and regulation many corporate IT leaders may remain unswayed, writes Martin Courtney

Barriers to cloud adoption
While cloud computing can offer many advantages in terms of total cost of ownership and flexibility, many companies are nervous about taking this route because of ongoing security, performance and management concerns.

Larger companies are often subject to security and privacy rules and regulations, which dictate how and where they store sensitive customer data, for example, and do not like data or applications to reside on shared infrastructure that also hosts services for other organisations.

The challenge of integrating cloud applications with internal IT management frameworks, particularly where cross-application regulatory auditing is required, can also prove a deterrent.

The above factors help to explain why there is a clear distinction between how corporates are using cloud computing infrastructure and services compared with small to medium businesses (SMBs), which tend to be those leasing public cloud services, says Burton.

“SMBs have the same drivers, but on a different scale. For them it is more about cost, but also about email, backup, disaster recovery and collaboration tools,” says Burton. “It is either the stuff they do not have the resources to manage in-house or new technology for which they do not have the skills.”

A survey of 95 IT executives conducted at the Supercomputing Conference last year sheds more light on the perceived obstacles to cloud IT provision. It found that 82 per cent were experimenting with cloud computing initiatives, with 45 per cent considering establishing a private cloud. Security (at 49 per cent) was highlighted as the principal concern, followed by management complexity (31 per cent) and initial investment costs (15 per cent).

The picture is far from black and white when it comes to management complexity though, with Gartner arguing that it can be equally as challenging to keep applications and services in-house.

“The challenges inherent in managing technology based on the principles of previous eras – complex, custom, expensive solutions managed by large in-house IT teams – have become greater, and the benefits of cloud computing in addressing these challenges have matured to become more appropriate and attractive to all types of organisations,” wrote Gartner analyst Ben Pring in a research note.

More maturity needed
Evidence that cloud computing is maturing to address those challenges can perhaps be seen in efforts to protect public cloud service security with virtual private network access as well as applications that act as interfaces between private and public cloud services.

Even so, much has to happen before cloud computing provision can be universally accepted by the mainstream business world, including more work around standardisation, greater attention to service level agreements and disaster recovery guarantees, more clarity on legal issues affecting data storage and security in the cloud, and a better understanding of interoperability between vendors’ applications, services and network infrastructure.

“Maintaining trusted relationships [between cloud service providers and customers] is vital for both parties,” says Howard-Healy. “Control is frequently more of a cultural barrier than technology for most large organisations with entrenched processes, policies and employee behaviours.”

Cloud email set to dominate as big vendors start price war

Easily the most popular application for cloud delivery is email, with many organisations, including corporate law firm Eversheds, having shifted their email provision to the cloud within the past 12 months.

And adoption of cloud email looks set to expand further over the next five years, with analysts predicting that providers will use cloud email services as a carrot to tempt corporates into bigger service contracts around collaboration applications.

Microsoft, Google, IBM and Cisco are set to unleash a price war as they compete for customers, according to analyst Forrester, which argues that it no longer makes financial sense for IT departments to host email services in-house.

Forrester estimates that depending on factors such as how efficiently an organisation is run; which version of Notes or Exchange it uses; and its ability to obtain discounts from individual vendors, the cost of an in-house email platform for an organisation employing 15,000 people is $17.83 (£11.45) per employee per month, or $13.32 per employee per month for those employing 45,000 staff.

In contrast, the cost of providing the same function using cloud email is estimated at $11.33 and $9.45 respectively.

“No matter how you look at it, it is cheaper to let someone else run your email in the cloud than run it yourself,” wrote Forrester analyst Ted Schadler.

Google Apps, Microsoft Exchange Online, LotusLive iNotes and Cisco WebEx Mail have pretty much standardised around mailbox sizes of 25GB and a base price of $5 per user per month targeted primarily at small and medium business customers. All support popular mobile devices such as BlackBerrys and iPhones, and provide additional hosted services such as instant messaging, webconferencing, and online team collaboration pages as part of the deal.

But the big four companies will not have it all their own way when it comes to cloud email provision. A multitude of other firms provide the same basic services, if not always with the more advanced collaboration applications thrown in. These include Mimecast, Trend Micro, Rackspace and Fasthosts, which often bundle email security, archiving and filtering into the hosting deal.

Any organisation thinking of moving email to the cloud for the first time should involve their security, infrastructure and operations team in the negotiations from the start, and worry more about getting employees’ email experience right, rather than their calendars.