March 15, 2011

The SaaS Stepping Stone to Strong IaaS Support

Robin Meehan

We recently published an article that provided the opinions of a number of thought and industry leaders on the subject of public cloud viability for mission-critical or business-critical needs. While the responses were rather wide-ranging, there were a few common issues (including matters of cost, security and existing investment) that got Robin Meehan’s wheels turning. Robin serves as CTO for Smart421, a UK-based systems integration and managed services provider, where he specializes in future technology strategy.

As with most emerging disruptive technologies, adoption of public cloud is occurring far more rapidly in the small and medium-sized enterprise (SME) market, with larger enterprises lagging behind and typically focusing on software as a service (SaaS) before they consider  infrastructure as a service (IaaS). 

This is certainly not to say that public cloud is not viable for enterprise use. From what we’ve seen in the market with it is more related to the risk-averse nature of larger organizations–the fact that costs are generally less of a driving force and that there tends to already be a significant investment in their own datacenter facilities (with contractual tie-in periods).  More than one enterprise customer has described this to me by saying “it takes time to turn the oil tanker around”. 

To clarify, let’s look specifically at the issue of cost savings for larger enterprises. Upon first inspection one might expect this to be a significant driver for public cloud adoption in enterprises, but the reality is that when the IT manager of an SME is told to reduce costs they are intimately familiar with their costs base and the associated risks of change, whereas managers in larger enterprises are far more disconnected from the “shop floor” and hence are less well equipped to make cost/risk tradeoffs.

Notably, we’ve witnessed some organizations that have a visionary CIO who “gets it” and accepts that public cloud adoption is not just desirable, but inevitable. These CIOs  would rather have the cost and agility competitive advantage sooner rather than later.  Typically this is triggered by some compelling event – such as hardware or software going out of support or running out of space in the datacenter. 

Despite these compelling reasons, the primary current driver in the enterprise space is definitely agility rather than cost reduction – which is a reaction from the agents of business change who are frustrated with perceived slow and expensive deployment of infrastructure to support new change programmes.

The next step in the organization’s adoption of IaaS involves all the usual challenges of any business change program–people are resistant to change, and see it as a threat to their role.  These barriers can be overcome, but frankly at the moment it’s hard work. 

The usual initial barrier raised is over security, but our response to that is that public cloud security challenge has been solved–we have all the materials and evidence to convince the organization and it just has to be worked through. 

By far the most credible IaaS player in the market is Amazon Web Services (AWS). They provide excellent security certification (ISO27001, PCI DSS Level 1, SAS 70 Type II etc) and supporting materials, so in combination with cloud architecture best practices the data security objection can be addressed. 

Care is needed to compare “apples with apples” here – often the starting point for discussing security is invalid, as it is based upon the assumption that the customer’s existing arrangements are perfect and without risk, which if course is rarely the case!  The bottom line is that if your primary business is financial services/retail/utilities etc – what makes you think you can offer a world class secure datacenter capability that is superior to Amazon, Microsoft, Google etc over the longer term?

Another irony in the current enterprise cloud adoption patterns is the more rapid adoption of SaaS before IaaS.  We know of several large organizations in mobile telecoms and retail insurance for example which are now using for CRM, or maybe WorkDay for human capital management, but which are still reluctant to move their core business-critical systems to an IaaS model.  And yet they have already placed their complete trust in these SaaS vendors – with all their customer data, sales pipelines, staff salaries and dispute proceedings effectively “in the cloud”. 

It feels like there is contradictory position here where concerns about putting this critical data outside the organisation’s boundaries have been addressed, but moving business-critical systems outside the data centre is not on the agenda. The reality that this illustrates is that SaaS adoption is easier, not necessarily safer, and hence adoption has been more rapid.

Loss of control over operational issues is a valid concern however, and public IaaS adoption does require some customer investment in this area.  Assuming an organisation is using ITILv3 based processes in the first place, almost all processes are impacted in at least some minor way, and so organisations need to appreciate this and prepare accordingly. 

For example, now being able to scale “on demand” is great for your organisation’s agility, but not so great if your internal capacity management processes cannot control this new flexibility.  As we’ve adopted the use of AWS for development and test environments internally within Smart421, we’ve had to reconsider our existing ITIL-based support processes accordingly – it’s always a necessary step to “eat your own dog food” before we can credibly consult and provide managed services to our customers.

In summary, it seems that the migration of mission critical applications to public cloud is inevitable, and the earlier enterprise adopters who make it work will gain a competitive advantage that will force their competitors to follow suit, reluctantly or otherwise.  Not all workloads are appropriate for migration but the majority are, and as those compelling events arise that create the need for an investment of some sort then the business case for IaaS adoption will only get stronger over time.

A key dependency that we are tracking is the maturity of AWS’s virtual private cloud offering, which allows organisations to integrate a cloud-based deployment with existing data-centre capabilities.  As this matures, we are convinced that this will become the prevalent architecture for some time, as the reality is that organizations want to “sweat the assets” that they have already invested in.  In the same way that adopting a service oriented architecture (SOA) is in fact a multi-year, incremental journey, so is the move to public cloud. 

The initial usage scenarios we are seeing so far include cloud-based disaster recovery, virtual desktop infrastructure, CRM and billing solutions, but interestingly without exception these are all driven by some kind of compelling event that has raised the question “there must be a better way of hosting these applications than just buying more tin?”. 

In the near term, we expect public cloud adoption will continue to be opportunistic, on a project-by-project basis.

Share This