A lot has changed in a few years.
When I talked about cloud three years back, I got frownie-faces from my peers. Skeptical looks that belied a deeper-seated fear or trepidation, probably having more to do with their internal image of what a CIO should be than the promise or peril in the new technology.
Now, enthusiasm runs ebulliently through the vendor community, animating the animal spirits and spurring on entrepreneurs in search of profits and glory. Cloud has been elevated to high strategy on the billionaire chess board. Mergers and acquisitions are abuzz. Amazon, armed with an overly energetic workforce, gets hypercompetitive in all ways good and ill, supplanting Oracle as one of our most vociferous vendors and perhaps the new alpha predator. Numerous smaller vendors -- tiny even in the aggregate, compared with Amazon's might -- are quickly learning the new cloud lingo, differentiating themselves from Amazon and contemplating symmetrical and asymmetrical warfare. Today it's Everyone vs. Amazon.
In the CIO office, hybrid cloud is not avoided and is now assumed. CIOs are no longer fearing it, but trying to rope it in. The corporate data center business is officially in decline. Legal staff are taking a closer look at all the agreements the business people previously signed willy-nilly. Like a formerly thrill-seeking teenager who has sworn off having secret parties while her parents are away, business users may be getting over their glee in the power of their corporate credit cards and starting to work more maturely with central authorities in cloud contracting.
Amidst all this market kerfuffle, my teams are currently immersed in a slightly provocative and full-throated effort to vacate our data center. We have been looking around to see how the marketplace has shifted, where it has not, and, more importantly, what threats we are likely to face as we all go to the cloud. We have found seven of them.
THE 7 BASIC THREATS IN CLOUD COMPUTING
1. Sticky Mental Models and Behavioral Inertia
Despite the vendor enthusiasm for enterprise-class infrastructure as a service (IaaS suitable for corporations big and small), we have discovered that a fair number of these vendors, even the leaders, keep applying old managed services and colocation contract thinking. For me, the key difference between cloud infrastructure and all other forms of procurable infrastructure is that in cloud infrastructure, you pay based on actual consumption of CPU, memory, storage, and networking use, and in much smaller increments. The fundamental algebra in the pricing is based on virtual servers, virtual storage, and virtual networks. In old managed services and colocation deals, the basic economic unit is square footage in rack space.
The two pricing models are very different. In a square-foot rack space pricing model, the customer is responsible for all unused cycles, unused network usage, unused memory, and unused storage. In a true cloud contract, the vendor is responsible for managing the vacancy rate. While this sounds hard on the vendor, it isn't. Vacancy rates in corporate data centers are very high. A cloud vendor can resell that vacancy and collect more profit per square foot as each server is potentially maximally used. Moreover, companies all vary in their usage over time. The more heterogeneous and larger the customer base, the more predictable aggregate growth and consumption patterns become.
The problem is that vendor salespeople and architects can't seem to get colocation thinking out of their heads. We find ourselves constantly reminding vendors to pursue Amazon-like pricing models. Even after the contract marriage ceremony between us and the vendor, we still need to remind them to be faithful to their contract promises as we walk down the aisle. If anything defines the competitive landscape in the cloud, it is exactly this inertia. The only way Amazon's competitors can match Amazon's price-performance ratio is to maximize their infrastructure usage. The only way consuming companies can break through to new levels of IT price performance is to shatter these sticky mental models and ensure behavioral compliance from everyone each step of the way. Change is hard even when you would think profit motives align. For all parties, the real "switching cost" to a new model is the effort to learn the new cloud dance.
2. Contract War
Enterprise IaaS is different from what we know as "public cloud" in one respect. Enterprise contracts have terms and conditions altered to address the needs of the client. Typical areas include exactly what risks and liabilities each party will accept and which risks and liability they cannot accept, which national or state laws must be respected, in which country or state parties can sue, and contract language that might have to address custom technical configurations or integrations.
In addition to these contract issues, the large public cloud providers -- Google, Amazon, and Microsoft -- all engage resellers to handle transactions with companies. For companies wishing to use the big three in their portfolio of cloud options, reseller agreements become important. Amazon may have specific terms and conditions that it wishes to ensure are present in all agreements its resellers make. Right now we are detecting fights between Amazon and its resellers as to whose agreement reigns supreme. In many cases, Amazon has the right to terminate reseller agreements on short notice. If services have been prepaid, it might not be clear if the end customer is out money and workloads should a reseller be terminated. Furthermore, each of the big three can decide to manage their reseller channel differently, giving resellers more or less discretion on what additional contract terms the resellers can offer.
Unsurprisingly, this new value chain has sprouted, looking very much like value chains in other industries with all the attendant power struggles between players. Unsuspecting client companies may become collateral damage along the way. I urge everyone to read all these agreements and contracts carefully, or hire someone with the technical, financial, and legal expertise to help. Yes, there are vendors very willing to part fools from their money.
3. Black Swan Events
While on the surface Amazon looks like a juggernaut poised to be a monopoly in the IaaS market, its experience with diverse and complicated needs from midsized to large corporations is rather thin compared with the long-time data center outsourcing firms of yore. From my perspective, the enterprise IaaS market is a jump ball. It is not clear anyone will dominate. However, should Amazon or Microsoft or Google become a near monopoly in this market, it raises a question: will they be too big to fail? While people often scoff at the idea of one of these firms having a drastic financial or technical failure, given events in the last couple decades, this question deserves a good hard look. It is very likely a sizeable percentage of the worldwide economy will be dependent on this new infrastructure.
If software products based on IaaS become complex and depend on many other vendors and firms using the same or different IaaS providers, a failure of one of these firms could cascade to all of its customers and so on. While today the IaaS supply chain is probably very flat, meaning each software vendor does not depend on another firm also dependent on IaaS, the future holds no such guarantees. Since the supply chain in IaaS can be obscured from view, it is impossible to know what the interdependencies may be. Such murky network failures were at the heart of the 2008 financial meltdown, as firms were unsure which of their financial products had hidden risk in them.
Other disturbing scenarios assuredly lurk, or so my nightly dreams tell me. We need people now who excel in these scenarios to counsel companies. With so much blue sky thinking abounding, we need black swan1 experts more than ever.
4. No Credible Threat of Defection
Great salespeople instinctively know when customers are locked in -- and can exploit the situation when they are. Don't fool yourself that this calculation does not cross the minds of your favorite vendors. They would not be worth their weight if they hadn't honed this basic instinct. What firms have to do is invest enough in diversity in the IaaS supply chain to maintain a credible threat of defection. Unfortunately, the current cloud contracts tend to charge you nothing to place data in their flytrap IaaS environment; they only charge you when you take the data out. These costs can be significant if not exorbitant. Like Hotel California, you can check in anytime you like, but you can never leave.
The good news is that there are a few IaaS providers that have attractive network egress pricing. Over time, I suspect and hope that we will see different pricing models to serve different customer needs. However, this won't happen as long as CIOs are incorrigibly risk-averse and keep securing long-term, single-source contracts with no credible threat of defection.
Compared to other industries, the IT supply chain is overly simplistic. Moore's law has aided this process, providing us with new crops of CPUs and storage options that deliver a lot more for a lot less. This, too, is ending. But if CIOs don't establish enterprise architectures and associated procurement vehicles that provide possible escape routes, the new enterprise IaaS will look very much like the old managed service colocation contract.
5. Poor Workload Resource Consumption Vector Analysis
If one carefully measures the actual RAM, CPU, storage, and network usage an application actually consumes and then compares this to the resource bundle pricing formula Amazon or other enterprise IaaS providers utilize, you will notice glaring mismatches. The application may consume less CPU or RAM than the vendor offering provides. The "vacancy rate" (percent of unused resources) for the application might be still too high. While the IaaS vendor may be giving what looks like an excellent price, customers may be paying two to three times what they should.
What can be done about this? This is a hard problem to solve. Vendors cannot resell your unused resources unless they can define the contours of the container precisely around your workload parameters. Doing this would require a level of granularity in pricing (metering) and in technical isolation that may not be feasible. Nonetheless, Amazon leads the way with a variety of package "sizes" (instances) to choose from. What companies need to do is measure their workloads carefully and select the right resource consumption package and pricing model from the vendor.
Companies will also have problems judging whether the services the contract says they are receiving are actually being delivered. In industries that move physical goods, independent verification of the meter or scale being used to measure the commodity is common. Perhaps down the road we may see independent metering companies, probably looking like cloud contract auditors, which will require providers to open their books and show clearly that the service described is accurately measured.
My hunch is that this pricing flexibility will be a promising area of development for competitive IaaS providers. Can virtual offerings be dynamically reconfigurable to constantly seek the best match between the pricing vector and the workload consumption vector? At least one curious mind wants to know.
6. Continued Merger Activity
Oh my! In the space of a few months, a good piece of the emerging enterprise cloud market quickly aggregated. Some time ago, IBM bought SoftLayer, Cisco bought Metacloud, EMC bought Virtustream, and Dell bought Enstratius. Just recently Dell saw everyone's bet and raised them, oh, $67 billion by buying EMC. Game on!
While aggregation does provide some scale advantage, the removal of choice in the market is concerning. Most big IT vendors do not like to compete on price day in and day out. With infrastructure cloud moving to a commodity and Amazon setting the competitive table, the aggregation occurring is designed to help the acquiring firm reduce competition and get scale. An opposing force to this consolidation pressure is midsized competitors that can cleverly manage their customer workloads and still achieve great price-performance ratios. A looming question is whether this opposing force is enough to ensure diversity and competitiveness in the supply chain long term. Will the market get dominated by four or fewer players providing 80% of the supply? If so, I don't think this development will be good for consuming companies.
7. Data Sovereignty Concerns
Perhaps the most intriguing of trends is the notion that countries are taking control of their cyber infrastructures and treating them as national assets worthy of control and defense. For multinational companies, this poses a challenge in that workloads will need to be carved up along national lines and, more specifically, around the data in those workloads. This, of course, provides opportunity for cloud providers to add services ensuring that workloads reside in different regions.
But what happens in a state of war? What does a global telecommunications and data infrastructure look like when the economic foundations of most counties are supported by international flows of data and a future infrastructure is demarcated by national boundaries with data "immigration officers" at each border? For now, the more vexing data sovereignty issues are contained and pesky, not virulent. But what of tomorrow?
If this data sovereignty pressure continues or grows, I suspect more interesting network and workload designs that package security with the data will be much more prevalent. Parents: tell your kids to go into IT security!
WHAT WE DO NEXT WILL DETERMINE THE OUTCOMES
An old maxim is that no individual determines market pricing; the market does that. Likewise, no individual company, buyer, or seller in this new value chain will fully shape the final outcomes. To a large extent, the powerful forces of fear and greed, collectively expressed one deal at a time, will shape this market space. Together, what CIOs and their companies do next will determine the outcome.
Perhaps the critical questions for CIOs are these:
Do you believe a change in IT supply chain management is occurring and is going to affect you?
Does a diverse, competitive supply chain in IT make a difference for your firm?
Do alternative models, not yet discussed adequately here or in the industry press, exist?
Is your company positioned to take advantage of these shifting market forces?
What will you do next?
From my perspective, it looks as if companies are wanting things that can only be found in the darkness on the edge of cloud. Our job is to shed more light on these things.