The concept of an infinitely flexible, agile, mobile, enterprise-friendly, omnipotent provider of all IT needs is as elusive as it is attractive. In many ways it was fitting that it should end up with the moniker cloud computing - a joke that cannot be lost on vendor executives charged with selling the nascent concept to suspicious information chiefs during the past couple of years. Elastic resource provisioning, software as a service, infrastructure as a service, platform as a service, pay-per-use servers and storage - cloud computing means different things to different people depending on the specific demands of their business.
But research shows that although it has been weighed down with excessive vendor hype like so many technology trends before it, the concrete application of enterprise-level cloud computing is fast becoming a reality, and could soon become the norm.
A recent analysis by research firm IDC forecasts a stark increase in the uptake of services originating from server virtualisation and data centre optimisation this year.
More than hype
IDC, in its Worldwide IT Cloud Services Forecast (October 2009), predicts 2010 will be the year that cloud becomes more than just hype and settles into a more concrete, modular and return-based role within organisations across the region.
IDC research manager Matthew Oostveen predicts organisations looking to consolidate their infrastructure and reduce operational expenditure will increasingly turn to cloud solutions to meet those needs. "Cloud computing represents a new dawn in enterprise computing and business leaders are beginning to ready their companies for the big changes that lie ahead," he says.
"Australians are a tech-savvy bunch so it stands to reason that it has the leading uptake of server virtualisation in the Asia-Pacific region, which has led to a large installed base of virtualised servers with high levels of services attached."
IDC predicts global spending on cloud computing will more than double over the next three years to an estimated $US44.2 billion ($49.7 billion).
It expects cloud services - delivered via preconfigured, remotely managed private infrastructure appliances - will become increasingly affordable and therefore more readily implemented in 2010.
As a result, small and medium-sized businesses are expected to be a growth market for cloud solutions and IDC believes vendors will step up efforts to target this market over the next 12 months.
However, although the groundswell is definitely building, there is still widespread confusion over what exactly cloud really means in an enterprise context and what results are genuinely achievable today.
Analysis of Australian companies identified as early adopters for the technology, conducted by KPMG, suggests that while some local enterprises, including some large corporations, are already following a "zero software strategy" through aggressive cloud adoption, a wide variance in the maturity and quality of services and providers was posing a handicap to organisations seeking to reach enterprise-level agreements.
The report also reveals ongoing anxieties about the cloud-based model, particularly in relation to regulation and jurisdictional issues for offshore data storage.
The backbone of cloud computing is US-based - Google, Microsoft, IBM - potentially exposing Australian information to US jurisdiction and placing it within reach of the Patriot Act.
Needless to say, Australian corporations, and particularly public sector and government organisations, find it difficult to reconcile themselves to possible monitoring and even prosecution by the US government.
A survey commissioned by Microsoft found more than 90 per cent of business leaders were concerned about the security, access and privacy of their data in the cloud. It called for the introduction of legislation by the US government to specifically deal with concerns and issues that surround cloud computing.
But in addition to problems arising from US-based hosts as other governments begin to ascertain the potential threats - and in some cases intelligence opportunities - created by the pervasive high-level engagement people now have with technology and the internet, other similar exposures arise from information hosting on European or Asian soil as well.
As a result, vendor assurance of protection against this kind of prying has been found to be a priority for organisations entering or extending their cloud presence. In addition, a lot of companies and bodies are nervous about relinquishing control of their data to third parties and remote locations.
The KPMG report said that although respondents universally expressed concerns about security in the initial stages of their deployments, most readjusted their view after evaluating the security capabilities of providers.
It found that where senior IT executives were initially concerned about the dangers of moving information off-site, and therefore outside the control of the corporate firewall, they typically came to think of IT security in relative terms, acknowledging the failings of their own onsite systems as well.
This realisation of relative security parameters diluted their security concerns about off-site hosting and in some cases actually led the organisations to conclude cloud computing improved their security measures because of vendors' abilities to dedicate more resources to protection.
Increasingly, these companies are moving beyond accessing peripheral applications from the cloud and using services to access more strategic and sensitive applications, the report said.
Ovum senior analyst Laurent Lachal says cloud computing is really still in its infancy and that as the market matures the landscape will feature more and more hybrid clouds.
In this context, hybrid refers to a combination of both private clouds only made available for use by a specific organisation, and public clouds whereby the same organisation can remotely access tools and services from infrastructure that is shared by others.
"The past 18 months have seen a significant shift in focus away from public clouds towards private ones, owing to a powerful mix of vendor push and user pull," she says.
Although the private cloud is to a large extent just a rebadging of what data centre-focused hardware, software and service vendors have been doing for a decade, Lachal says concerns about the reliability, scalability and security of public clouds has encouraged the recent growth in demand.
Given a large variance in the requirements, pressures and concerns of organisations, cloud strategies have a tendency to look very different from one another.
In the end there are no hard and fast rules about how a roll-out should look or work, so different core drivers, schedules, security and capacity demands mean no two cloud deployments are completely alike.
Lachal predicts companies will end up adopting a patchwork of solutions to meet their specific needs.
"Enterprises will mix and match public and private cloud elements with traditional hosting and outsourcing services to create solutions that fit short- and long-term requirements," she says.
Bits and atoms
In terms of early adoption, technologists can usually count on the education sector. Cloud computing has been no exception.
One of the primary features of a cloud environment is accessibility by multiple participants, simultaneously, regardless of physical location. As an industry dependent on the ability of students and lecturers to access information, participate in discussion or contribute to research, the cloud concept immediately appears advantageous.
Moreover, as competition for the international student dollar intensifies year after year, distance education facilitated by online components is also an attractive option.
By now, most of Australia's higher education institutions have begun a transition to external cloud providers for their student and alumni email services.
There are two main competitors in the market - Live@edu by Microsoft and a Gmail-based solution from Google - but both have struggled to win the confidence of Australian educators beyond the student body because staff email is held to a higher mandate of legal protection and accountability in terms of privacy.
Peter Nikoletatos, chief information officer at Curtin University of Technology in Perth, explains that the legislative requirements for the two groups are different.
"In terms of staff and research, we have considerably more concerns about privacy and security," he says. "There are also different risks and implications around what happens if the data is ever misused or misrepresented anywhere."
But it seems those initial barriers are beginning to come down.
Marc Bailey is the new CIO at Macquarie University in Sydney. Only four months into his tenure, the university has made an Australian-first decision to migrate its staff email onto the cloud.
He says that while there were definite reservations, Google had come up with a solution that adequately appeased their concerns following lengthy discussions.
"We had to work pretty closely not only with our community at the university, our academics, in finding out what was most important to them, but also with the provider to get a deal done," he says.
"We had to deal with issues of data patriotism: where was the data going to be stored?"
He says, in particular, academics were very sensitive to the idea that their work could be exposed to the Patriot Act in the United States.
In the end, the agreement concerning Macquarie University's staff email required the data be stored in Europe, distancing it from US jurisdiction. However, there are additional complications originating much closer to home.
"Really, the biggest issues you have with cloud computing are regulatory ones," Bailey says. "The government has yet to catch up with technology."
This is particularly true for organisations operating in NSW. "The NSW [State] Records Act demands that all data is stored on NSW soil," he explains. All data held on the Macquarie University cloud system is therefore backed up and held in a storage unit on site.
"In the world of the cloud, the very concept that data, which is made of bits, has to worry about something that is made of atoms is sort of ridiculous," Bailey says. "The most costly aspect of our entire implementation is this NSW law."
Meanwhile, Nikoletatos explains that although Western Australia does not have any state laws pertaining to data protection, the university has elected to err on the side of caution.
"The states do vary quite dramatically," he says. "But where we don't have appropriate state-based direction, we're adopting the national standard.
"We're looking at the worst-case scenario. We're looking to host our data on Australian soil wherever possible, but we're still in the early days here," he says.
"One of the first steps we have taken - and been focused on quite heavily - is the information classification of our data," he says. "We have to be very clear about what we consider high-value data, particularly things like research intellectual property, and have developed different protocols for dealing with that data."
The next step for higher education providers in the cloud are programs for increasing collaboration across distance and time zones, e-portfolios and other such programs that build a student's ongoing relationship with the institution.
In terms of cutting-edge technology, Bailey points out that the professional world no longer offers the premium experience. Consumer-level products have cultivated a standard of user experience that enterprise-level programs find it hard to replicate.
"My philosophy is that consumerism is overrated," he says.
"We don't need to construct and provision our own infrastructure for everything that we do. No matter what you do internally you cannot keep up with consumer demand. You spend a lot of time chasing your tail trying to solve a problem that is much better solved by economies of scale."
Melbourne-based publishing services company DAI Rubicon has been using a cloud computing solution since late last year. Far from being concerned about moving its data offshore, managing director Rob Turner says the company realised limiting itself to domestically hosted servers and infrastructure was going to put a limit on its growth.
"I am aware of the jurisdictional issues that have been expressed, but as a company we are actually looking to expand into the American market, so having our servers and access located over there was seen as a positive thing for us," he says.
Management initially held some reservations about the technology, given how new it was, but they're now enjoying some big pay-offs.
"We still don't know all that many people using cloud like we are," he says. "I think the risks were more perceived than real. Once we got our heads around the extent to which telecommunications had evolved, it didn't seem like such a big jump."
Since implementing the solution, which comprises an open source point-of-sale supply chain system, the company's savings have been estimated at anywhere from $150,000 to $200,000 a year.
Turner says the savings, which are substantial for a business of its size, are related to process streamlining as well as physical cost reductions.
"In terms of the month-to-month costs the savings have probably only been a few hundred dollars, but that does add up - plus we get all the benefits of the cloud," he says.
"First, we have increased efficiency. It just takes us less time processing things.
"We also don't have the hardware investment we have had previously and we place a fair bit of value on the fact that we can now recover our data quickly and easily, which minimises our downtime. Previously, if our server had gone down, it would have taken us days to get back up and running again. Now we're talking about an hour and a half at most."
Turner says speed was also a key concern for the organisation, which relies heavily on the transaction of data between clients and foreign offices.
"We were having issues with some of our offshore offices, particularly Singapore, and some of our customers accessing our databases," he explains. "We've seen a rapid improvement, certainly here in Melbourne.
"Before we had some instances where processes could lag for up to six minutes and now we're down to a matter of seconds. It's a massive improvement."
Moreover the new system has helped to insure the company against data loss through a disaster recovery plan. Turner says it has introduced a new quality of manageability to DAI Rubicon's operations.
The initial implementation worked so well that the decision was quickly made to move its entire enterprise resource planning system into the cloud.
DAI Rubicon also found the cloud environment paid a substantial dividend in terms of improved working environments for its internal developers.
"In the past we were restricted. The hardware we had would only allow one developer at a time to do in-house development," he says. "But now we've freed that up so they each have their own instance within the cloud, which then allows them to do their individual developing, and then they come together at the end of that process, so they can sort of work concurrently."
Greater automation also means less IT support, improved customer invoicing and scalability to deal with changing demand.
Turner says any part of the business that has a demand for client or remote access will be migrated into the cloud over the next few years. "The cloud solution we have has met all my expectations," he says. MIS Australia
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.