The uncertain future of cloud computing seems to have stabilized among IT leaders with the acceptance of infrastructure as a service (IaaS). IaaS is here to stay in many organizations, especially smaller firms and startups, and it will be the dominant form of corporate IT infrastructure in the coming years. With the breaking of Moore's law (at least for the foreseeable future and with regard to silicon-based computing), IaaS may provide everyday computing cost benefits thanks to the efficiencies large-scale dedicated vendors can provide.
But many organizations, most notably the larger and more conservative companies, are still on the fence about moving their infrastructure to an IaaS model. IaaS can be deployed in different models, including on-premises and off-premises, managed by a third party or managed internally, and/or using private or public cloud environments.
Which model(s) should an organization adopt? How do firms know if moving their hardware, software, servers, storage, and other infrastructure components to a third-party provider is right for them? Should they consider IaaS only for temporary or experimental workloads? Also worth considering and planning for are the technical/security risks, scalability, and legal/contract issues that are critical to a successful IaaS platform deployment. In this issue of Cutter IT Journal, our authors share their insights on the issues organizations should contemplate before moving to IaaS.
IN THIS ISSUE
We begin the issue with an article by Cutter Senior Consultant James Mitchell and his colleague Frank Khan Sullivan who offer CIOs and their organizations advice on running a successful cloud RFP. Using a dining analogy to demonstrate why a multi-vendor approach provides more flexibility, reliability, and lower costs, they ask, "Are you worried that even if you went to that single restaurant that had everything you wanted on the menu, the quality might degrade over time?... No single cloud vendor is good at everything." Observing that cloud's cost-cutting promise depends on sharing, they counsel organizations to specify their requirements "in the middle of what the market offers," as overly specific requirements and the attendant customization will drive up costs. They also suggest that working with a cloud financial broker can help organizations maximize their vendor choices and get the best price overall.
From such high-level concerns, we turn our attention to the cloud's underpinnings in Lukasz Paciorkowski's article on cloud-native design. While he acknowledges that the subject of building and operating cloud-native applications "is a very technical discussion," he argues that "it can have a profound impact on the business and operational model, [and thus] it should not be ignored by anybody who is serious about capturing the value of cloud computing." After exploring the techniques, platforms, and powerful new tools that make this design approach possible, Paciorkowski outlines the business benefits of cloud-native design and discusses the characteristics that might make an organization a good -- or not so good -- fit for this emerging solution.
In our next article, Saman Michael Far takes us from theory to practice in his case study of IaaS implementation at FINRA, an independent nongovernmental organization that monitors and regulates US securities trading. Seeking to reduce its infrastructure spending, automate its production support, and increase its analytics capability, FINRA found that moving to a virtual private cloud using Amazon Web Services (AWS) and open source platforms was the best way to achieve its objectives. Far discusses the reasoning behind this decision, as well as many issues organizations face when moving to the cloud, such as security, business and architectural concerns, disaster recovery planning, and impacts on culture.
Next, Annie C. Bai reminds us that "information security can never be fully outsourced." As tempting as it might be to consider security, privacy, and data integrity someone else's problems once you move to IaaS, the unfortunate truth is that all these things are still your organization's responsibility. After all, she notes, "it is your business that will suffer the consequences of any interruption of access or any flaws in your data integrity." Bai gives recommendations for addressing these issues in legal agreements with your provider, so that if outages or data breaches do occur, the vendor will provide redress. "There will be some unforeseen hiccups with IaaS," Bai notes, "but their impact will be mitigated if your operations plans are in place and your legal protections are in order."
Looking ahead as IaaS and cloud technologies advance, in our final article I identify seven threats in cloud computing that are likely to have adverse impacts. These are:
The behavioral inertia in vendors and companies around adopting the new cloud economic model
Struggles for dominance between cloud providers, resellers, and end-using companies regarding contract terms
A lack of imagination and planning regarding significant potential IaaS market failure or other black swan events
Companies providing no credible threat of defection, thus allowing vendor lock-in and lack of price-performance competitiveness
Poor understanding by companies regarding how their workloads actually consume IaaS resources, preventing companies from extracting full value
Continued merger activity in the market, which can reduce supply chain diversity and competitiveness
Difficult considerations regarding countries that insist data for their companies cannot leave their borders, also known as data sovereignty concerns
I believe that, collectively, CIOs and their companies will have more to say about how the IaaS market unfolds and that CIOs have a responsibility to shed light on these issues.
Taken together, the articles in this edition of Cutter IT Journal show clearly that IaaS is being adopted rapidly, and the complexity within IaaS requires careful thinking, planning, and implementing. If there is one thing to glean from this issue, it is that not one of our authors describes technical inadequacies in the IaaS market as a showstopper. Instead, our authors' eyes are on the pricing, contractual, organizational, implementation, and high-level risk management topics. CIOs and their companies have technical options so long as they can see their way through these issues.