Archive | PaaS RSS feed for this section

Re-imagining Business Through Integration

14 Nov

(I’m cross-posting this from the Fujitsu RunMyProcess blog where I am now a regular contributor).

Just a commentary in response to a post I found by by Peter Evans-Greenwood on the potential for business re-engineering based on presence-based technologies such as Apple’s iBeacon. While I don’t want to talk about this subject specifically, Peter uses a couple of very clear examples in terms of retail purchasing that illustrate the power of re-imagining desirable outcomes from the consumer’s perspective – as opposed to a technology perspective – and the resulting need to pursue consumer-focused integration of business capabilities to give them what they need.

These themes resonated with me this morning as I gave a talk at the Eurocloud congress recently in which I berated people for not “thinking big” about the potential of cloud in combination with other technologies. At the moment there is so much discussion and argument about whose VM is better or the benefits (or not) of making VMs more ‘enterprisey’ that everyone seems to be missing the ‘moon shot’ opportunity of integrating, simplifying and putting technology platforms into the hands of everyone. This problem only becomes more acute as you broaden your view to all of the other silo arguments raging across other areas of technology evolution. From this perspective Peter’s examples of design-led, consumer-oriented thinking were very similar to the challenge I tried to lay down to congress attendees.

Effectively I believe that the IT challenge of our generation is to package diverse technologies into much higher level platforms that humanise technology and empower less technical people to solve real problems – i.e. to enable them to use modelling and simplified domain languages to scalably and reliably address the huge opportunities that technology can deliver to science, business and society. It’s a shock to many IT people but more often than not it’s actually other people who have the domain knowledge required to change the world – which is why they don’t have the time to learn the technology. From their perspective everything related to traditional IT is a form of tax, a significant driver of risk and delay and at worst an insurmountable barrier to their activities. These problems become more acute as you scale down the size of organisation under consideration – to the point at which the vast majority of smart people are locked out of the ability to bring their expertise to bear in new digital business models.

humanizing technology to realise new digital value chains

If we take Peter’s examples of placing the consumer – rather than technology – at the heart of our endeavours then it feels to me as if many seemingly “hot” IT trends fail on this basic test and are simply a reflection of technology-led thinking. Doing isolated things better because we can – e.g. like Peter’s NFC example – is really just a way of increasing the efficiency of something that brings no benefit to the customer and is therefore just pointless when you step back and reflect. In Peter’s example the ‘customer’ from the technology provider’s perspective may have been the cashiers, the people who support payment systems or even the CIO. When you shift to an outside-in perspective, however, the obvious question is why make payment at the cash desk more efficient when there is no need to queue to pay at all?

I know it’s a difficult discussion but in a similar sense businesses rather than IT staff are the true customers of IT and their intent is ultimately to deliver new and valuable outcomes as quickly as possible – they really couldn’t care less whether your infrastructure is virtualised, what middleware is or whether the pointless technical activity required to undertake these tasks is managed by operations staff or developers. While they still have to ‘queue’ unnecessarily to get their outcomes it makes no material difference to their poor experience or the lack of empowerment offered by technology platforms. By stepping back we can see that most of the activity in cloud at the moment is not focused on re-imagining how we integrate and simplify IT to support the rapid achievement of new and customer-led business models but rather on how we provide tools and approaches to increase the efficiency of the people who have traditionally implemented IT. Again, this might make worthless tasks more efficient but effectively it’s like the payment example mentioned by Peter – in the same way that using NFC misses the opportunity for a wholesale rethink of the customer’s payment experience, I feel that most cloud activity (and certainly noise) is focused on achieving efficiency increases within the vast swathes of traditional IT activity which could be wholly eliminated using a design-led, outcome-centric approach.

In this context I believe that the major responsibility of cloud platform providers is to provide a simplified way of creating business solutions that span all of the different technologies, business capabilities and channels that are meaningful to the creation of business models. Essentially we need to enable businesses to ‘compose’ internal and external capabilities into new value webs supporting innovative new business models – all at a higher level of abstraction. I call this concept of rapid business model creation, integration and adaptation composite business. Essentially there should be no need for anyone other than cloud platform providers to understand the complexity of the different underlying technologies necessary to create, deliver and monetise systems that digitally encode business IP for such composite business models.

Realising a business platform for the support of composite business models requires the consideration of two different dimensions of integration and simplification:

  1. Firstly composite business platforms need to provide a cohesive experience to their users by integrating and simplifying all of the technologies, processes and tools required to deliver value outcomes via multi-layer business composition; such platforms cannot simply be a loose and low level collection of technologies and middleware that require ongoing integration, configuration and management by technical users.
  2. Secondly the platform itself needs to provide high leverage tools that a range of stakeholders can use to quickly capture, deliver, monetise and distribute their business IP as composite business and technology services.  In this context a composite business platform needs to facilitate the simplified creation of solutions that integrate distributed and heterogeneous assets into new value webs – while hiding the technical complexity required to enable it.

In stepping back we need to realise the essentially pointless nature of technology implementation and management as an end in itself and focus on the ways in which we can make it disappear behind tools that simplify the realisation of valuable business outcomes. Such a re-imagining has never been more feasible – we now have a foundation of open networks, open protocols and open technologies that enable the creation of new and higher order platforms for value creation. From my perspective this is the responsibility of platform companies in the emerging business ecosystem and we only have to step back to see the opportunities.

Aspects of Integration

In this context ‘cloud integration’ transforms from being a technical issue to an enabler to the rapid linkage of business and technology assets into new, consumer-centric value webs that can span industry boundaries and deliver new personalised services.

Furthermore while I believe that this shift has the short term potential to improve services from companies and organisations operating within settled industry boundaries, the outstanding business opportunities of our age are to put high leverage cloud platforms into the hands of the maximum number of people to democratise technology and allow organisations to pursue wholesale specialisation and the aggressive re-drawing of existing industry and social boundaries around value. I believe that we truly are on the verge of not just a new information industrial revolution that impacts IT companies but rather a whole new business revolution that will leverage the shift to utility platforms to change the basis of on which businesses compete.  As the technology platform coheres,  enterprises will increasingly be able to specialise, integrate and then focus their joint efforts around value to the end consumer rather than on maximising the utilisation of their own capabilities in pursuit of scale and efficiency (something that represents a ‘punctuated equilibrium’ in evolutionary terms – as I’ll continue to explore in part II of my recent post on this subject). As value webs can be quickly created, evolved and realigned to ‘pull’ everything into the experience required by the consumer, the old model of ‘pushing’ industrially or functionally siloed products and services from large and tightly integrated companies becomes insupportable.

So I would encourage you to read Peter’s post – to see some simple and concrete examples of design thinking in action – and then think about the ‘moonshot’ opportunity of a wholesale re-imagining of technology. With all of the myriad technology advances that we are seeing it has never been easier to create a simplified and reliable platform for the modelling, execution and monetisation of new kinds of business.

Finally, also take the time to really reflect on all of these opportunities in the context of your role and the ways in which you can truly add value in this new environment. If you are working in an enterprise then think hard about whether you really need to control the technology in order to realise business value for your organisation (hint – uh, no). On the other hand if you’re working in an IT company then think about how to hide the technology and enable IT groups to focus purely on business IP capture, management and distribution.

Advertisements

Evolution and the IT Industry – Part I

25 Oct

(I’m cross-posting this from the Fujitsu RunMyProcess blog where I am now a regular contributor).

A few years ago I wrote a (rather long) post about evolution in the context of business and in particular the use of emerging business architecture techniques to increase the chances of successfully navigating its influence.

Prompted by two recent posts on this blog, however – ‘Software Darwinism’ by Malcolm Haslam and ‘The Death and Rebirth of Outsourcing’ by Massimo Cappato – I thought I would simplify my original piece to create a much shorter and more IT-centric two part set of observations on this theme.  I basically wanted to pick up on the concept of evolution raised by Malcolm and use this as a vehicle to explore the potential impact on businesses and IT of the disruption described by Massimo; how have we arrived at the landscape of today and what can we learn from evolutionary processes about the likely impact of the disruption on the businesses paying large amounts of money for ‘artificially alive’ systems.

In part 1 I will introduce some ideas about evolution and discuss the current state of businesses in this context.  In part 2 I will continue the theme to discuss the way in which current disruptions represent a ‘punctuated equilibrium’ that demands rapid business evolution – or creates a high likelihood of extinction.

Evolution as an Algorithm

A fascinating book I once read about ‘complexity economics’ described evolution as an algorithm for exploring very large design spaces.  In this interpretation the ‘evolutionary algorithm’  allows the evaluation of a potentially infinite number of random designs against the selection criteria of a given environment. Those characteristics that are judged as ‘fit’ are amplified – through propagation and combination – while those which are not die out.

In the natural world evolution throws up organisms that have many component traits and success is judged – often brutally – by how well the combination of traits enables an animal to survive in the environment in which it exists.  For instance individuals of a particular colour or camouflage may survive due to their relative invisibility while others are eaten. Furthermore this is an ongoing process – individuals  with desirable traits will be better equipped to survive and the mating of such individuals will combine – and hence amplify – their desirable traits within their offspring.  Over time the propagation and combination of the most effective traits will increase in the population overall and where this happens quickly enough a species will evolve successfully for the environment..

Punctuated Equilibrium

Another interesting aspect of evolutionary systems is that they often exhibit long periods of relative stability until some set of external changes creates a ‘punctuated equilibrium’; that is a change to the environment which brings new selection criteria to the fore.  Such changes can have a devastating effect on species which have evolved successfully within the previous environment and lead to new periods of dominance or success for new or previously less successful species whose traits make them better adapted to the new selection criteria that result from the change.  Such species then continue to evolve towards mastery of their environment while others which are too specialised to adapt simply die out.

A particularly dramatic example of this process was the extinction of the dinosaurs, where a change in the environment lowered temperatures and destroyed the lush foliage they depended upon.  This led them from masters of the world to extinction in a relatively short period – the combination of traits that previously made them highly successful was no longer well aligned to the selection criteria of the new environment.

Markets as Evolutionary Systems

It has been argued that the complexity of markets (in terms of their scale, their breadth of participation and the differing intents of the participants) means that they can effectively be viewed as evolutionary systems.  Markets are essentially an environment in which we participate rather than something that can be clearly understood or designed in advance.  They are effectively a very large design space where the characteristics for success are often not known in advance and must be discovered through experimentation and adaptation.

When we look at businesses in an evolutionary context we can therefore hypothesize that those which converge over time  towards successful combinations of traits – as judged by their stakeholders through a process of interaction and adaptation – will be the ones best adapted  to market needs and thus chosen by consumers.  These traits – whether they are talent strategies, process strategies or technology strategies – are then copied by other businesses, replicating and amplifying successful traits within the economic system.

The Influence of IT

If we focus specifically on IT,  we can see that even today IT systems have a large influence on the quality of the business capabilities that underpin a company’s offerings.  Every business is competing for selection against competitors with other applications – and software is increasingly moving to the core as business becomes ‘digital’; as a result it is clear that IT is a major (and increasing) factor in deciding the ‘fitness’ of any particular business versus another.  In this context we can see that the degree to which IT helps or hinders a business makes a huge difference to the quality of its ‘traits’ – both individually and in aggregation.  IT can therefore be a significant influence on whether a business’s offerings are ‘fit’ when judged by the evolutionary algorithm of the market.

Competition in an Age of Universally Bad IT

Despite the illusion of change over the last 30 years, at the macro level things have actually been relatively static from  a technology perspective.  While we have moved from mainframes to client-server and from client-server to the Web the fundamental roles of business and IT have remained unchanged (i.e. firms exist to minimise the transaction costs of doing business by building scale and such businesses spend a lot of money on owning and operating IT in pursuit of efficiencies and consistency across their large scale operations).  In reality most IT investment has therefore been inward facing and viewed as a cost of doing business (a ‘tax’ as Massimo would describe it) rather than a platform for the delivery of innovation and differentiation from an external perspective.

Under this model we have seen large businesses use their scale to pay for IT products and services that are inaccessible to smaller organisations.  Over time -because the focus has often been on efficiencies and standardisation – many IT estates have tended to converge around similar packaged applications and technology.  This convergence has all but wiped out the flexibility required for business differentiation while simultaneously placing organisations functionally and temporally in lockstep (as a concrete example it is no surprise that all companies are facing huge challenges as a result of mobility or that their challenges are more or less the same).  Together these developments have led to a broadly static business environment in which a smaller number of large companies dominate each market segment, providing mediocre levels of innovation and service while dictating both the shape of industries and the kinds of offerings consumers can expect  from each.

As a result while IT has enabled large scale efficiencies, it has led to the situation outlined by Massimo – a situation in which businesses have huge investment responsibilities, a crushing burden from bloated support and delivery organisations and a limited ability to evolve quickly (if at all).  The irony is that it has done this equally to all organisations who could afford it, however,while simultaneously acting as a competitive barrier by limiting the economies of scale that can be achieved by organisations who could not.  As a result the costs, complexity, inflexibility and balkanisation around industry boundaries – along with a lack of innovation and customer-centricity – have become part of the settled fabric of business.

While this has not been a significant issue for large organisations during an extended period of relative stability, it does however threaten to create significant challenges as a result of any disruption to the status quo.  It is perhaps interesting to think of today’s businesses as the dinosaurs of the modern age – large and perfectly adapted to the warm and plant rich environment in which they exist unchallenged.

A Punctuated Equilibrium for Business?

Over the last few years, however, we have seen the genesis of a major disruption – a disruption that is going to change the evaluation criteria of the market and require the development of wholly different traits to succeed.  As cloud delivery models, large scale mobility and the mass sharing of content in social graphs converge I believe that they herald a ‘punctuated equilibrium’ whose effects on business will be profound.  These are not just technology changes but rather a change to the fundamental environment in which we all work, play and socialise – and a signal that business models and even industry boundaries are up for radical change.

The possibilities that these advances create in tandem are akin to an emerging ice age for large businesses and their technology providers – an age in which businesses must fight for every customer and must mutate their organisations, business models and technology to attain a new definition of ‘fitness’.  The easy days of domination through mass and an abundance of low hanging cash to be grazed are passing.

In part 2 of this post I will therefore talk more about the nature of this punctuated equilibrium and my personal views on the shifts in business and technology models that will be required to survive it.

The Business Case for Private Cloud

19 Apr
Private Cloud Posts Should Come in Threes

Over the last year I have returned to the subject of ‘private cloud’ on a number of occasions.  Basically I’m trying to share my confusion as I still don’t really ‘get it’.

First of all I discussed some of the common concerns related to cloud that are used to justify a pursuit of ‘private cloud’ models.  In particular I tried to explain why most of these issues distract us from the actual opportunities; for me cloud has always been a driver to rethink the purpose and scope of your business.  In this context I tried to explain why – as a result – public and private clouds are not even vaguely equivalent.

More recently I mused on whether the whole idea of private clouds could lead to the extinction of many businesses who invest heavily in them.  Again, my interest was on whether losing the ability to cede most of your business capabilities to partners due to over-investment in large scale private infrastructures could be harmful.  Perhaps ‘cloud-in-a-box’ needs a government health warning like tobacco.

In this third post I’d like to consider the business case of private cloud to see whether the concept is sufficiently compelling to overcome my other objections.

A Reiteration of My View of Cloud

Before I start I just wanted to reiterate the way I think about the opportunities of cloud as I’m pretty fed up of conversations about infrastructure, virtualisation and ‘hybrid stuff’.  To be honest I think the increase in pointless dialogue at this level has depressed my blog muse and rendered me mute for a while – while I don’t think hypervisors have anything to do with cloud and don’t believe there’s any long term value in so called ‘cloud bursting’ of infrastructure (as an apparently particularly exciting subject in my circle) I’m currently over-run by weight of numbers.

Essentially its easy to disappear down these technology rat holes but for me they all miss the fundamental point.  Cloud isn’t a technology disruption (although it is certainly disrupting the business models of technology companies) but eventually a powerful business disruption.  The cloud enables – and will eventually force – powerful new business models and business architectures.

As a result cloud isn’t about technology or computing per se for me but rather about the way in which technology is changing the economics of working with others.  Cloud is the latest in a line of related technologies that have been driving down the transaction costs of doing business with 3rd parties.  To me cloud represents the integration, commoditisation and consumerisation of these technologies and a fundamental change in the economics of IT and the businesses that depend on it.  I discussed these issues a few years ago using the picture below.

image

Essentially as collaboration costs move closer and closer to zero so the shape of businesses will change to take advantage of better capabilities and lower costs.  Many of the business capabilities that organisations currently execute will be ceded to others given that doing so will significantly raise the quality and focus of their own capabilities.  At the same time the rest will be scaled massively as they take advantage of the ability to exist in a broader ecosystem.  Business model experimentation will become widespread as the costs of start up (and failure) become tiny and tied to the value created.  Cloud is a key part of enabling these wider shifts by providing the business platforms required to specialise without losing scale and to serve many partners without sacrificing service standardisation.  While we are seeing the start of this process through offerings such as infrastructure-as-a-service and software-as-a-service these are just the tip of the iceberg.  As a very prosaic example many businesses are now working hard to think about how they can extend their reach using business APIs; combine this with improving business architecture practices and the inherent multi-tenancy of the cloud and it is not difficult to imagine a future in which businesses first become a set of internal service providers and then go on to take advantage of the disaggregation opportunity.  In future, businesses will become more specialised, more disaggregated and more connected components within complex value webs.  Essentially every discrete step in a value stream could be fulfilled by a different specialised service provider, with no ‘single organisation’ owning a large percentage of the capabilities being coordinated (as they do today).

As a result of all of these forces my first statement is therefore always that ‘private cloud’ does not really exist; sharing some of the point technologies of early stage cloud platform providers (but at lower scale and without the rapid learning opportunities they have) is not the same as aggressively looking to leverage the fall in transaction costs and availability of new delivery models to radically optimise your business.  Owning your own IT is not really a lever in unlocking the value of a business service based ecosystem but rather represents wasteful expense when the economics of IT have shifted decisively from those based on ownership to those based on access.  IT platforms are now independent economy-of-scale based businesses and not something that needs to be built, managed and supported on a business-by-business basis with all of the waste, diversity, delay and cost that this entails.  Whilst I would never condemn those who have the opportunity to improve their existing estates to generate value I would not accept that investing in internal enhancement would ever truly give you the benefits of cloud.  For this reason I have always disliked the term ‘private cloud’.

In the light of this view of the opportunities of cloud, I would posit that business cases for private cloud could be regarded as lacking some sense even before we look at their merit.  Putting aside the business issues for a moment, however, let’s look at the case from the perspective of technology and how likely it is that you will be able to replicate the above benefits by internal implementation.

What Is a “Cloud”?

One of the confusing issues related to cloud is that it is a broad shift in the value proposition of IT and IT enabled services and not a single thing.  It is a complete realignment of the IT industry and by extension the shape of all industries that use it.  I have a deeper model I don’t want to get into here but essentially we could view cloud as a collection of different kinds of independent businesses, each with their own maturity models:

  • Platforms: Along the platform dimension we see increasing complexity and maturity going –> infrastructure-as-a-service, platform-as-a-service, process-platform-as-a-service through to the kind of holistic service delivery platform I blogged about some time ago.  These are all increasingly mature platform value propositions based on technology commoditisation and economies of scale;
  • Services: Along the services dimension we see increasing complexity and maturity going –> ASP (single tenant applications in IaaS), software-as-a-service, business-processes-as-a-service through to complete business capabilities offered as a service.  While different services may have different economic models, from a cloud perspective they share the trait that they are essentially about codifying, capturing and delivering specialised IP as a multi-tenant cloud service; and
  • Consulting: Along the consulting dimension we see increasing complexity and maturity going –> IT integration and management, cloud application integration and management, business process integration and management through to complex business value web integration and management.  These all exist in the same dimension as they are essentially relationship based services rather than asset based ones.

All of these are independent cloud business types that need to be run and optimised differently.  From a private cloud perspective, however, most people only think about the ‘platform’ case (i.e. only about technology) and think no further than the lowest level of maturity (i.e. IaaS) – even though consulting and integration is actually the most likely business type available for IT departments to transition to (something I alluded to here).  In fact its probably an exaggeration to say that people think about IaaS as most people don’t get beyond virtualisation technology.

Looking at services – which is what businesses are actually interested in, surprisingly – this is probably the biggest of the many elephants in the room with respect to private cloud; if the cloud is about being able to specialise and leverage shared business services from others (whether applications, business process definitions or actual business capabilities) then they – by definition – execute somewhere beyond the walls of the existing organisation (i.e. at the service provider).  So how do these fit with private cloud?  Will you restrict your business to only ever running the old and traditional single-tenant applications you already have?  Will you build a private cloud that has a flavour of every single platform used or operated by specialised service providers?  Will you restrict your business to service providers who are “compatible” with your “platform” irrespective of the business suitability of the service?  Or do you expect every service provider to rewrite their services to run on your superior cloud but still charge you the same for a bespoke service as they charge for their public service?  Whichever one you pick it’s probably going to result in some pain and so you might want to think about it.

Again, for the sake of continuing the journey let’s ignore the issue of services – as it’s an aspect of the business ecosystem problem we’ve already decided we need to ignore to make progress – and concentrate where most people stop thinking.  Let’s have a look at cloud platforms.

Your New Cloud Platform

The first thing to realise is that public cloud platforms are large scale, integrated, automated, optimised and social offerings organised by value to wrap up complex hardware, networks, middleware, development tooling, software, security, provisioning, monetisation, reporting, catalogues, operations, staff, geographies etc etc and deliver them as an apparently simple service.  I’ll say it again – cloud is not just some virtualisation software.  I don’t know why but I just don’t seem able to say that enough.  For some reason people just underestimate all this stuff – they only seem to think about the hypervisor and forget the rest of the complexity that actually takes a hypervisor and a thousand other components and turns them into a well-oiled, automated, highly reliable and cross functional service business operated by trained and motivated staff.

Looking at the companies that have really built and operated such platforms on the internet we can see that there are not a large number due to:

  1. The breadth of cross functional expertise required to package and operate a mass of technologies coherently as a cost-effective and integrated service;
  2. The scarcity of talent with the breadth of vision and understanding required to deliver such an holistic offering; and
  3. The prohibitive capital investment involved in doing so.

Equally importantly these issues all become increasingly pressing as the scope of the value delivered progesses up the platform maturity scale beyond infrastructure and up to the kind of platform required for the realisation and support of complete multi-tenant business capabilities we described at the beginning.

Looking at the companies who are building  public cloud platforms it’s unsurprising that they are not enthusiastically embracing the nightmare of scaling down, repackaging, delivering and then offering support for many on-premise installations of their complex platforms across multiple underfunded IT organisations for no appreciable value.  Rather they are choosing to specialise on delivering these platforms as service offerings to fully optimise the economic model for both themselves and (ironically) their customers.

Whereforeart Thou Private Cloud?

Without the productised expertise of organisations who have delivered a cloud platform, however, who will build your ‘private cloud’?  Ask yourself how they have the knowledge to do so if they haven’t actually implemented and operated all of the complex components as a unified service at high scale and low cost?  Without ‘productised platforms’ built from the ground up to operate with the levels of integration, automation and cost-effectiveness required by the public cloud, most ‘private cloud’ initiatives will just be harried, underfunded and incapable IT organisations trying to build bespoke virtualised infrastructures with old, disparate and disconnected products along with traditional consulting, systems integration and managed services support. Despite enthusiastic ‘cloud washing’ by traditional providers in these spaces such individual combinations of traditional products and practices are not cloud, will probably cost a lot of money to build and support and will likely never be finished before the IT department is marginalised by the business for still delivering uncompetitive services.

Trying to blindly build a ‘cloud’ from the ground up with traditional products, the small number of use cases visible internally and a lack of cross functional expertise and talent – probably with some consulting and systems integration thrown in for good measure to help you on your way – could be considered to sound a little like an expensive, open ended and high risk proposition with the potential to result in a white elephant.  And this is before you concede that it won’t be the only thing you’re doing at the time given that you also have a legacy estate to run and enhance.

Furthermore, go into most IT shops and check out how current most of their hardware and software is and how quickly they are innovating their platforms, processes and roles.  Ask yourself how much time, money and commitment a business invests in enabling its _internal IT department_ to pursue thought leadership, standards efforts and open source projects.  Even once the white elephant lands what’s the likelihood that it will keep pace with specialised cloud platform providers who are constantly improving their shared service as part of their value proposition?

For Whom (does) Your Cloud (set its) Tolls?

Once you have your private cloud budget who will you build it for?  As we discussed at the outset your business will be increasingly ceding business capabilities to specialised partners in order to concentrate on their own differentiating capabilities.  This disaggregation will likely occur along economic lines as I discussed in a previous post, as different business capabilities in your organisation will be looking for different things from their IT provision based on their underlying business model.  Some capabilities will need to be highly adaptable, some highly scalable, some highly secure and some highly cost effective.  While the diversity of the public cloud market will enable different business capabilities within an organisation to choose different platforms and services without sacrificing the benefits of scale, any private cloud will necessarily be conflicted by a wide diversity of needs and therefore probably not be optimal for any.  Most importantly every part of the organisation will probably end up paying for the gold-plated infrastructure required by a subset of the business and which is then forced onto everyone as the ‘standard’ for internal efficiency reasons.

You therefore have to ask yourself:

  1. Is it _really_ true that all of your organisation’s business capabilities _really_ need private hosting given their business model and assets?  I suspect not;
  2. How will you support all of the many individual service levels and costs required to match the economics of your business’s divergent capabilities? I suspect you can’t and will deliver a mostly inappropriate ‘one size fits all’ platform geared to the most demanding use cases; and
  3. How will you make your private infrastructure cost-effective once the majority of capabilities have been outsourced to partners?  The answer is that you probably won’t need to worry about it – I suspect you’ll be out of a job by then after driving the business to bypass your expensive IT provision and go directly to the cloud.
Have We Got Sign-off Yet?

So let’s recap:

  1. Private cloud misses the point of the most important disruption related to cloud – that is the opportunity to specialise and participate more fully in valuable new economic ecosystems;
  2. Private cloud ignores the fundamental fact that cloud is a ‘service-oriented’ phenomenon – that is the benefits are gained by consuming things, uh as a service;
  3. Private cloud implementation represents a distraction from that part of the new IT value chain where IT departments have the most value to add – that is as business-savvy consultants, integrators and managers of services on behalf of their business.

To be fair, however, I will take all of that value destruction off the table given that most people don’t seem to have got there yet.

So let’s recap again just on the platform bit.  It’s certainly the case that internal initiatives targeted at building a ‘private cloud’ are embarking on a hugely complex and multi-disciplinary bespoke platform build wholly unrelated to the core business of the organisation.  Furthermore given that it is an increasing imperative that any business platform supports the secure exposure of an organisation’s business capabilities to the internet they must do this in new ways that are highly secure, standards based, multi-tenant and elastic.  In the context of the above discussion, it could perhaps be suggested that many organisations are therefore attempting to build bespoke ‘clouds’:

  1. Without proven and packaged expertise;
  2. Without the budget focus that public cloud companies need merely to stay in business;
  3. Often lacking both the necessary skills and the capability to recruit them;
  4. Under the constant distraction of wider day to day development and operational demands;
  5. Without support from their business for the activities required to support ongoing innovation and development;
  6. Without a clear strategy for providing multiple levels of service and cost that are aligned to the different business models in play within the company.

In addition whatever you build will be bespoke to you in many technological, operational and business ways as you pick best of breed ‘bits’, integrate them together using your organisations existing standards and create operational procedures that fit into the way your IT organisation works today (as you have to integrate the ‘new ops’ with the ‘old ops’ to be ‘efficient’).  As a result good luck with ever upgrading the whole thing given its patchwork nature and the ‘technical differentiation’ you’ve proudly built in order to realise a worse service than you could have had from a specialised platform provider with no time or cost commitment.

Oh and the costs to operate whatever eventually comes out the other end of the adventure – according to Microsoft at least – could potentially be anywhere between 10 and 80 times higher than those you could get externally right now (and that’s on the tenuous assumption that you get it right first time over the next few years and realise the maximum achievable internal savings – as you usually do no doubt).  To rephrase this we could say that it’s a plan to delay already available benefits for at least three years, possibly for longer if you mess up the first attempt.

I may be in the minority but I’m _still_ not convinced by the business case.

So What Should I Get Sign-off For?

My recommendation would be to just stop already.

And then consider that you are probably not a platform company but rather a consultant and integrator of services that helps your business be better.

So, my advice would be to:

  1. Stop (please) thinking (or at least talking) about hypervisors, virtual machines, ‘hybrid clouds’ and ‘cloud bursting’ and realise that there is inherently no business value in infrastructure in and of itself.  Think of IaaS as a tax on delivering value outcomes and try not to let it distract you as people look to make it more complex for no reason (public/private/hybrid/cross hypervisor/VM management/cloud bursting/etc).  It generates so much mental effort for so little business value;
  2. Optimise what you already have in house with whatever traditional technologies you think will help – including virtualisation – if there is a solid _short return_ business case for it but do not brand this as ‘private cloud’ and use it to attempt to fend off the public cloud;
  3. Model all of your business capabilities and understand the information they manage and the apps that help manage it.  Classify these business capabilities by some appropriate criteria such as criticality, data sensitivity, connectedness etc.  Effectively use Business Architecture to study the structure and characteristics of your business and its capabilities;
  4. Develop a staged roadmap to re-procure (via SaaS), redevelop (on PaaS) or redeploy (to IaaS) 80% of apps within the public cloud.  Do this based on the security and risk characteristics of each capability (or even better replace entire business capabilities with external services provided by specialised partners); and
  5. Pressure cloud providers to address any lingering issues during this period to pave the way for the remaining 20% (with more sensitive characteristics) in a few years.

Once you’ve arrived at 5) it may even be that a viable ‘private cloud’ model has emerged based on small scale and local deployments of ‘shrink wrapped boxes’ managed remotely by the cloud provider at some more reasonable level above infrastructure.  Even if this turns out to be the case at least you won’t have spent a fortune creating an unsupportable white elephant scaled to support the 80% of IT and business that has already left the building.

Whatever you do, though, try to get people to stop telling me that cloud is about infrastructure (and in particular your choice of hypervisor).  I’d be genuinely grateful.

Will Private Cloud Fail ?

28 Jan

A recent discussion on ebizq about the success or failure of private clouds was sparked by Forrester analyst James Staten’s prediction late last year that ‘You will build a private cloud, and it will fail’.  In reality James himself was not suggesting that the concept of ‘private cloud’ would be a failure, only that an enterprise’s first attempt to build one would be – for various technical or operational reasons – and that learning from these failures would be a key milestone in preparing for eventual ‘success’.  Within the actual ebizq discussion there were a lot of comments about the open ended nature of the prediction (i.e. what exactly will fail) and the differing aims of different organisations in pursuing private infrastructures (and therefore the myriad ways in which you could judge such implementations to be a ‘success’ or a ‘failure’ from detailed business or technology outcome perspectives).

I differ in the way I think about this issue, however, as I’m less interested in whether individual elements of a ‘private cloud’ implementation could be considered to be successful or to have failed, but rather more interested in the broader question of whether the whole concept will fail at a macro level for cultural and economic reasons.

First of all I would posit two main thoughts:

1) It feels to me as if any sensible notion of ‘private clouds’ cannot be a realistic proposition until we have mature, broad capability and large scale public clouds that the operating organisations are willing to  ‘productise’ for private deployment; and

2) By the time we get to this point I wonder whether anyone will want one any more.

To address the first point: without ‘productised platforms’ hardened through the practices of successful public providers most ‘private cloud’ initiatives will just be harried, underfunded and incapable IT organisations trying to build bespoke virtualised infrastructures with old, disparate and disconnected products along with traditional consulting, systems integration and managed services support. Despite enthusiastic ‘cloud washing’ by traditional providers in these spaces such individual combinations of traditional products and practices are not cloud, will probably cost a lot of money to build and support and will likely never be finished before the IT department is marginalised by the business for still delivering uncompetitive services.

To the second point: given that the economics (unsurprisingly) appear to overwhelmingly favour public clouds, that any lingering security issues will be solved as part of public cloud maturation and – most critically – that cloud ultimately provides opportunities for business specialisation rather than just technology improvements (i.e. letting go of 80% of non differentiating business capabilities and sourcing them from specialised partners), I wonder whether there will be any call for literally ‘private clouds’ by the time the industry is really ready to deliver them. Furthermore public clouds need not be literally ‘public’ – as in anyone can see everything – but will likely allow the creation of ‘virtual private platforms’ which allow organisations to run their own differentiating services on a shared platform whilst maintaining complete logical separation (so I’m guessing what James calls ‘hosted private clouds’ – although that description has a slightly tainted feeling of traditional services to me).

More broadly I wonder whether we will see a lot of wasted money spent for negative return here. Many ‘private cloud’ initiatives will be scaled for a static business (i.e. as they operate now) rather than for a target business (i.e. one that takes account of the wider business disruptions and opportunities brought by the cloud).  In this latter context as organisations take the opportunities to specialise and integrate business capabilities from partners they will require substantially less IT given that it will be part of the service provided and thus ‘hidden’.  Imagining a ‘target’ business would therefore lead us to speculate that such businesses will no longer need systems that previously supported capabilities they have ceased to execute. One possible scenario could therefore be that ‘private clouds’ actually make businesses uncompetitive in the medium to long term by becoming an expensive millstone that provides none of the benefits of true cloud whilst weighing down the leaner business that cloud enables with costs it cannot bear. In extreme cases one could even imagine ‘private clouds’ as the ‘new legacy’, creating a cost base that drives companies out of business as their competitors or new entrants transform the competitive landscape. In that scenario it’s feasible that not only would ‘private clouds’ fail as a concept but they could also drag down the businesses that invest heavily in them(1).

Whilst going out of business completely may be an extreme – and unlikely – end of a spectrum of possible scenarios, the basic issues about cost, distraction and future competitiveness – set against a backdrop of a declining need for IT ownership – stand. l therefore believe that people need to think very, very carefully before deciding that the often short-medium term (and ultimately solvable) risks of ‘public’ cloud for a subset of their most critical systems are outweighed by the immense long term risks, costs and commitment of building an own private infrastructure. This is particularly the case given that not all systems within an enterprise are of equal sensitivity and we therefore do not need to make an inappropriately early and extreme decision that everything must be privately hosted.  Even more subtly, different business capabilities in your organisation will be looking for different things from their IT provision based on their underlying business model – some will need to be highly adaptable, some highly scalable, some highly secure and some highly cost effective.  Whilst the diversity of the public cloud market will enable different business capabilities to choose different platforms and services without sacrificing the traditional scale benefits of internal standardisation, any private cloud will necessarily operate with a wide diversity of needs and therefore probably not be optimal for any.  In the light of these issues, there are more than enough – probably higher benefit and lower risk – initiatives available now in incrementally optimising your existing IT estate whilst simultaneously codifying the business capabilities required by your organisation, the optimum systems support for their delivery and then replacing or moving the 80% of non-critical applications to the public cloud in a staged manner (or better still directly sourcing a business capability from a partner that removes the need for IT). In parallel we have time to wait and see how the public environment matures – perhaps towards ‘virtual private clouds’ or ‘private cloud appliances’ – before making final decisions about future IT provision for the more sensitive assets we retain in house for now (using existing provision). Even if we end up never moving this 20% of critical assets to a mature and secure ‘public’ cloud they can either a) remain on existing platforms given the much reduced scope of our internal infrastructures and the spare capacity that results or b) be moved to a small scale, packaged and connected appliance from a cloud service provider.

Throwing everything behind building a ‘private cloud’ at this point therefore feels risky given the total lack of real, optimised and productised cloud platforms, uncertainty about how much IT a business will actually require in future and the distraction it would represent from harvesting less risky and surer public cloud benefits for less critical systems (in ways that also recognise the diversity of business models to be supported).

Whilst it’s easy, therefore, to feel that analysts often use broad brush judgments or seek publicity with sensationalist tag lines I feel in this instance a broad brush judgment of the likely success or failure of the ‘private cloud’ concept would actually be justified (despite the fact that I am using a different interpretation of failure to the ‘fail rapidly and try again’ one I understand James to have meant). Given the macro level impacts of cloud (i.e. a complete and disruptive redefinition of the value proposition of IT) and the fact that ‘private cloud’ initiatives fail to recognise this redefinition (by assuming a marginally improved propagation of the status quo), I agree with the idea that anyone who attempts to build their own ‘private cloud’ now will be judged to have ‘failed’ in any future retrospective. When we step away from detailed issues (where we may indeed see some comparatively marginal improvements over current provision) and look at the macro level picture, IT organisations who guide their business to ‘private cloud’ will simultaneously load it with expensive, uncompetitive and unnecessary assets that still need to be managed for no benefit whilst also failing to guide it towards the more transformational benefits of specialisation and flexible provision. As a result whilst we cannot provide ‘hard facts’ or ‘specific measures’ that strictly define which ‘elements’ of an individual ‘private cloud’ initiative will be judged to have ‘succeeded’ and which will have ‘failed’, looking for this justification is missing the broader point and failing to see the wood for the trees; the broader picture appears to suggest that when we look back on the overall holistic impacts of ‘private cloud’ efforts it will be apparent that they have failed to deliver the transformational benefits on offer by failing to appreciate the macro level trends towards IT and business service access in place of ownership. Such a failure to embrace the seismic change in IT value proposition – in order to concentrate instead on optimising a fading model of ‘ownership’ – may indeed be judged retrospectively as ‘failure’ by businesses, consumers and the market.

Whilst I agree with many of James’s messages about what it actually means to deliver a cloud – especially the fact that they are a complex, connected ‘how’ rather than a simple ‘thing’ and that budding ‘private cloud’ implementers fail to understand the true breadth of complexity and cross functional concerns – I believe I may part company with James’s prediction in the detail.  If I understand correctly James specifically advocates ‘trying and failing’ merely as an enabler to have another go with more knowledge; given the complexity involved in trying to build an own ‘cloud’ (particularly beyond low value infrastructure), the number of failures you’d have to incur to build a complete platform as you chase more value up the stack and the ultimately pointless nature of the task (at least taking the scenarios outlined above) I would prefer to ask why we would bother with ‘private cloud’ at this point at all? It would seem a slightly insane gamble versus taking the concrete benefits available from the public cloud (in a way which is consistent with your risk profile) whilst allowing cloud companies to ‘fail and try again’ on your behalf until they have either created ‘private cloud appliances’ for you to deploy locally or obviated the need completely through the more economically attractive maturation of ‘virtual private platforms’.

For further reading, I went into more detail on why I’m not sure private clouds make sense at this point in time here:

http://www.ebizq.net/blogs/ebizq_forum/2010/11/does-the-private-cloud-lack-business-sense.php#comment-12851

and why I’m not sure they make sense in general here:

https://itblagger.wordpress.com/2010/07/14/private-clouds-surge-for-wrong-reasons/

(1) Of course other possible scenarios people mention are:

  1. That the business capabilities remaining in house expand to fill the capacity.  In this scenario these business capabilities would probably still pay a premium versus what they could get externally and thus will still be uncompetitive and – more importantly – saddled with a serious distraction for no benefit.  Furthermore this assumes that the remaining business capabilities share a common business model and that through serendipity the ‘private cloud’ was built to optimise this model in spite of the original muddled requirements to optimise other business models in parallel; and
  2. Companies who over provision in order to build a ‘private cloud’ will be able to lease all of their now spare capacity to others in some kind of ‘electricity model’.  Whilst technically one would have some issues with this, more importantly such an operation seems a long way away from the core business of nearly every organisation and seems a slightly desperate ‘possible ancillary benefit’ to cling to as a justification to invest wildly now.  This is especially the case when such an ‘ancillary benefit’ may prevent greater direct benefits being gained without the hassle (through judicious use of the public cloud both now and in the future.)

Cloud is not Virtualization

12 Jan

In the interests of keeping a better record of my online activity I’ve recently decided to cross-post opinions and thoughts I inflict on people via forums and other technology sites via my blog as well (at least where they are related to my subject and have any level of coherence, lol).  In this context I replied to an ebizq question yesterday that asked “Is it better to use virtualization for some business apps than the cloud?“.  This question was essentially prompted by a survey finding that some companies are more likely to use virtualisation technologies than move to the cloud.

Whilst I was only vaguely interested in the facts presented per se, I often find that talking about cloud and virtualisation together begs people to draw a false equivalence between two things that – at least in my mind – are entirely different in their impact and importance.

Virtualisation is a technology that can (possibly)  increase efficiency in your existing data centre and which might be leveraged by some cloud providers as well.  That’s nice and it can reduce the costs of hosting all your old cack in the short term. Cloud on the other hand is a disruptive shift in the value proposition of IT and the start of a prolonged disruption in the nature and purpose of businesses.

In essence cloud will enable organisations to share multi-tenant business capabilities over the network in order to specialise on their core value. Whilst virtualisation can help you improve your legacy mess (or make it worse if done badly) it does nothing significant to help you take advantage of the larger disruption as it just reduces the costs of hosting applications that are going to increasingly be unfit for purpose due to their architecture rather than their infrastructure.

In this context I guess it’s up to people to decide what’s best to do with their legacy apps – it may indeed make sense in the short term to move them onto virtualised platforms for efficiency’s sake (should it cost out) in order to clean up their mess during the transition stage.

In the longer term, however, people are going to have to codify their business architecture, make decisions about their core purpose and then build new cloud services for key capabilities whilst integrating 3rd party cloud services for non-differentiating capabilities. In this scenario you need to throw away your legacy and develop cloud native and multi-tenant services on higher level PaaS platforms to survive – in which case VMs have no place as a unit of value and the single tenant legacy applications deployed within them will cease to be necessary. In that context the discussion becomes a strategic one – how aggressively will you adopt cloud platforms, what does this mean for the life span of your applications and how will it impact the case for building a virtualised infrastructure (I was assuming it was a question of internal virtualisation rather than IaaS due to the nature of the original question). If it doesn’t pay back or you’re left with fairly stable applications already covered by existing kit then don’t do it.

Either way – don’t build new systems using old architectures and think that running it in a virtualised environment ‘future proofs’ you; the future is addressing a set of higher level architectural issues related to delivering flexible, multi-tenant and mass customisable business capabilities to partners in specialised value webs. Such architectural issues will increasingly be addressed by higher level platform offerings that industrialise and consumerise IT to reduce the issues of managing the complex list of components required to deliver business systems (also mentioned as an increasing issue in the survey).   As a result your route to safety doesn’t lie in simply using less physical – but equally dumb – infrastructure.

Reporting of “Cloud” Failures

12 Oct

I’ve been reading an article from Michael Krigsman today related to Virgin Blue’s “cloud” failure in Australia along with a response from Bob Warfield.  These articles raised the question in passing of whether such offerings can really be called cloud offerings and also brought back the whole issue of ‘private clouds’ and their potentially improper use as a source of FUD and protectionism.

Navitaire essentially seem to have been hosting an instance of their single-tenancy system in what appears to be positioned as a ‘private cloud’.  As other people have pointed out, if this was a true multi-tenant cloud offering then everyone would have been affected and not just a single customer.  Presumably then – as a private cloud offering – this is more secure, more reliable, has service levels you can bet the business on and won’t go down.  Although looking at these reports it seems like it does, sometimes.

Now I have no doubt that Navitaire are a competent, professional and committed organisation who are proud of the service they offer.  As a result I’m not really holding them up particularly as an example of bad operational practice but rather to highlight widespread current practices of repositioning ‘legacy’ offerings as ‘private cloud’ and the way in which this affects customers and the reporting of failures.

Many providers whose software or platform is not multi-tenant are aggressively positioning their offering as ‘private cloud’ both as an attempt to maintain revenues for their legacy systems and a slightly cynical way to press on companies’ worries about sharing.  Such providers are usually traditional software or managed service providers who have no multi-tenant expertise or assets; as a result they try to brand things cloud whilst really just delivering old software in an old hosted model.  Whilst there is still potentially a viable market in this space – i.e. moving single-tenant legacy applications from on-premise to off-premise as a way of reducing the costs of what you already have and increasing focus on core business – such offerings are really just managed services and not cloud offerings.  The ‘private’ positioning is a sweet spot for these people, however, as it simultaneously allows them to avoid the significant investment required to recreate their offerings as true cloud services, prolongs their existing business models and plays on customers uncertainty about security and other issues.  Whilst I understand the need to protect revenue at companies involved in such ‘cloud washing’ – and thus would stop short of calling these practices cynical – it illustrates that customers do need to be aware of the underlying architecture of offerings (as Phil Wainwright correctly argued).  In reality most current ‘private cloud’ offerings are not going to deliver the levels of reliability, configurability and scale that customers associate with the promise of the cloud.  And that’s before we even get to the more business transformational issues of connectivity and specialisation.

Looking at these kinds of offerings we can see why single-tenant software and private infrastructure provided separately for each customer (or indeed internally) is more likely to suffer a large scale failure of the kind experienced by Virgin Blue.  Essentially developing truly resilient and failure optimised solutions for the cloud needs to address every level of the offering stack and realistically requires a complete re-write of software, deep integration with the underlying infrastructure and expert operations who understand the whole service intimately.  This is obviously cost prohibitive without the ability to share a solution across multiple customers (remember that cloud != infrastructure and that you must design an integrated infrastructure, software and operations platform that inherently understands the structure of systems and deals with failures across all levels in an intelligent way).  Furthermore even if cost was not a consideration, without re-development the individual parts that make up such ‘private’ solutions (i.e. infrastructure, software and operations) were not optimised from the beginning to operate seamlessly together in a cloud environment and can be difficult to keep aligned and manage as a whole.  As a result it’s really just putting lipstick on a pig and making the best of an architecture that combines components that were never meant to be consumed in this way.

However much positioning companies try to do it’s plain that you can’t get away from the fact that ultimately multi-tenancy at every level of a completely integrated technology stack will be a pre-requisite for operating reliable, scalable, configurable and cost effective cloud solutions.  As a result – and in defiance of the claims – the lack of multi-tenant architectures at the heart of most offerings currently positioned as ‘private cloud’ (both hardware and software related, internal and external) probably makes them less secure, less reliable, less cost effective and less configurable (i.e. able to meet a business need) than their ‘public’ (i.e. new) counterparts.

In defiance of the current mass of positioning and marketing to the contrary, then, it could be suggested that companies like Virgin Blue would be less likely to suffer catastrophic failures in future if they seek out real, multi-tenant cloud services that share resources and thus have far greater resilience than those that have to accommodate the cost profiles of serving individual tenants using repainted legacy technologies.  This whole episode thus appears to be a failure of the notion that you can rebrand managed services as ‘private cloud’ rather than a failure of an actual cloud service.

Most ironically of all the headlines incorrectly proclaiming such episodes as failures of cloud systems will fuel fear within many organisations and make them even more likely to fall victim to the FUD from disingenuous vendors and IT departments around ‘private cloud’.  In reality failures such as the case discussed may just prove that ‘private cloud’ offerings create exposure to far greater risk than adopting real cloud services due to the incompatibility of architecting for high scale and failure tolerance across a complete stack at the same time as architecting for the cost constraints of a single tenant.

Private Clouds “Surge” for Wrong Reasons?

14 Jul

I read a post by David Linthicum today on an apparent surge in demand for Private Clouds.  This was in turn spurred by thoughts from Steve Rosenbush on increasing demand for Private Cloud infrastructures.

To me this whole debate is slightly tragic as I believe that most people are framing the wrong issues when considering the public vs private cloud debate (and frankly for me it is a ridiculous debate as in my mind ‘the cloud’ can only exist ‘out there, somewhere’ and thus be shared; to me a ‘private’ cloud can only be a logically separate area of a shared infrastructure and not an organisation specific infrastructure which merely shares some of the technologies and approaches – which, frankly, is business as usual and not a cloud.  For that reason when I talk about public clouds I also include such logically private clouds running on shared infrastructures).  As David points out there are a whole host of reasons that people push back against the use of cloud infrastructures, mostly to do with retaining control in one way or another.  In essence there are a list of IT issues that people raise as absolute blockers that require private infrastructure to solve – particularly control, service levels and security – whilst they ignore the business benefits of specialisation, flexibility and choice.  Often “solving” the IT issues and propagating a model of ownership and mediocrity in IT delivery when it’s not really necessary merely denies the business the opportunity to solve their issues and transformationally improve their operations (and surely optimising the business is more important than undermining it in order to optimise the IT, right?).  That’s why for me the discussion should be about the business opportunities presented by the cloud and not simply a childish public vs private debate at the – pretty worthless – technology level.

Let’s have a look at a couple of issues:

  1. The degree of truth in the control, service and security concerns most often cited about public cloud adoption and whether they represent serious blockers to progress;
  2. Whether public and private clouds are logically equivalent or completely different.

IT issues and the Major Fallacies

Control

Everyone wants to be in control.  I do.  I want to feel as if I’m moving towards my goals, doing a good job – on top of things.  In order to be able to be on top of things, however, there are certain things I need to take for granted.  I don’t grow my own food, I don’t run my own bank, I don’t make my own clothes.  In order for me to concentrate on my purpose in life and deliver the higher level services that I provide to my customers there are a whole bunch of things that I just need to be available to me at a cost that fits into my parameters.  And to avoid being overly facetious I’ll also extend this into the IT services that I use to do my job – I don’t build my own blogging software or create my own email application but rather consume all of these as services over the web from people like WordPress.com and Google. 

By not taking personal responsibility for the design, manufacture and delivery of these items, however (i.e. by not maintaining ‘control’ of how they are delivered to me), I gain the more useful ability to be in control of which services I consume to give me the greatest chance of delivering the things that are important to me (mostly, lol).  In essence I would have little chance of sitting here writing about cloud computing if I also had to cater to all my basic needs (from both a personal as well as IT perspective).  I don’t want to dive off into economics but simplistically I’m taking advantage of the transformational improvements that come from division of labour and specialisation – by relying on products and services from other people who can produce them better and at lower cost I can concentrate on the things that add value for me.

Now let’s come back to the issue of private infrastructure.  Let’s be harsh.  Businesses simply need IT that performs some useful service.  In an ideal world they would simply pay a small amount for the applications they need, as they need them.  For 80% of IT there is absolutely no purpose in owning it – it provides no differentiation and is merely an infrastructural capability that is required to get on with value-adding work (like my blog software).  In a totally optimised world businesses wouldn’t even use software for many of their activities but rather consume business services offered by partners that make IT irrelevant. 

So far then we can argue that for 80% of IT we don’t actually need to own it (i.e. we don’t need to physically control how it is delivered) as long as we have access to it.  For this category we could easily consume software as a service from the “public” cloud and doing so gives us far greater choice, flexibility and agility.

In order to deliver some of the applications and services that a business requires to deliver its own specialised and differentiated capabilities, however, they still need to create some bespoke software.  To do this they need a development platform.  We can therefore argue that the lowest level of computing required by a business in future is a Platform as a Service (PaaS) capability; businesses never need to be aware of the underlying hardware as it has – quite literally – no value.  Even in terms of the required PaaS capability the business doesn’t have any interest in the way in which it supports software development as long as it enables them to deliver the required solutions quickly, cheaply and with the right quality.  As a result the internals of the PaaS (in terms of development tooling, middleware and process support) have no intrinsic value to a business beyond the quality of outcome delivered by the whole.  In this context we also do not care about control since as long as we get the outcomes we require (i.e. rapid, cost effective and reliable applications delivery and operation) we do not care about the internals of the platform (i.e. we don’t need to have any control over how it is internally designed, the technology choices to realise the design or how it is operated).  More broadly a business can leverage the economies of scale provided by PaaS providers – plus interoperability standards – to use multiple platforms for different purposes, increasing the ‘fitness’ of their overall IT landscape without the traditional penalties of heterogeneity (since traditionally they would be ‘bound’ to one platform by the inability of their internal IT department to cost-effectively support more than one technology).

Thinking more deeply about control in the context of this discussion we can see that for the majority of IT required by an organisation concentrating on access gives greater control than ownership due to increased choice, flexibility and agility (and the ability to leverage economies of scale through sharing).  In this sense the appropriate meaning of ‘control’ is that businesses have flexibility in choosing the IT services that best optimise their individual business capabilities and not that the IT department has ‘control’ of the way in which these services are built and delivered.  I don’t need to control how my clothes manufacturer puts my t-shirt together but I do want to control which t-shirts I wear.  Control in the new economy is empowerment of businesses to choose the most appropriate services and not of the IT department to play with technology and specify how they should be built.  Allowing IT departments to maintain control – and meddle in the way in which services are delivered – actually destroys value by creating a burden of ownership for absolutely zero value to the business.  As a result giving ‘control’ to the IT department results in the destruction of an equal and opposite amount of ‘control’ in the business and is something to be feared rather than embraced.

So the need to maintain control – in the way in which many IT groups are positioning it – is the first major and dangerous fallacy. 

Service levels

It is currently pretty difficult to get a guaranteed service level with cloud service providers.  On the other hand, most providers are consistently up in the 99th percentile and so the actual service levels are pretty good.  The lack of a piece of paper with this actual, experienced service level written down as a guarantee, however, is currently perceived as a major blocker to adoption.  Essentially IT departments use it as a way of demonstrating the superiority of their services (“look, our service level says 5 nines – guaranteed!”) whilst the level of stock they put in these service levels creates FUD in the minds of business owners who want to avoid major risks. 

So let’s lay this out.  People compare the current lack of service level guarantees from cloud service providers with the ability to agree ‘cast-iron’ service levels with internal IT departments.  Every project I’ve ever been involved in has had a set of service levels but very few ever get delivered in practice.  Sometimes they end up being twisted into worthless measures for simplicity of delivery – like whether a machine is running irrespective of whether the business service it supports is available – and sometimes they are just unachievable given the level of investment and resources available to internal IT departments (whose function, after all, is merely that of a barely-tolerated but traditionally necessary drain on the core purpose of the business). 

So to find out whether I’m right or not and whether service level guarantees have any meaning I will wait until every IT department in the world puts their actual achieved service levels up on the web like – for instance – Salesforce.  I’m keen to compare practice rather than promises.  Irrespective of guarantees my suspicion is that most organisations actual service levels are woeful in comparison to the actual service levels delivered by cloud providers but I’m willing to be convinced.   Despite the illusion of SLA guarantees and enforcement the majority of internal IT departments (and managed service providers who take over all of those legacy systems for that matter) get nowhere near the actual service levels of cloud providers irrespective of what internal documents might say.  It is a false comfort.  Businesses therefore need to wise up, consider real data and actual risks – in conjunction with the transformational business benefits that can be gained by offloading capabilities and specialising – rather than let such meaningless nonsense take them down the old path to ownership; in doing so they are potentially sacrificing a move to cloud services and therefore their best chance of transforming their relationship with their IT and optimising their business.  This is essentially the ‘promise’ of buying into updated private infrastructures (aka ‘private cloud’).

A lot of it comes down to specialisation again and the incentives for delivering high service levels.  Think about it – a cloud provider (literally) lives and dies by whether the services they offer are up; without them they make no money, their stock falls and customers move to other providers.  That’s some incentive to maintain excellence.  Internally – well, what you gonna do?  You own the systems and all of the people so are you really going to penalise yourself?  Realistically you just grit your teeth and live with the mediocrity even though it is driving rampant sub-optimisation of your business.  Traditionally there has been no other option and IT has been a long process of trying to have less bad capability than your competitors, to be able to stagger forward slightly faster or spend a few pence less.  Even outsourcing your IT doesn’t address this since whilst you have the fleeting pleasure of kicking someone else at the end of the day it’s still your IT and you’ve got nowhere to go from there.  Cloud services provide you with another option, however, one which takes advantage of the fact that other people are specialising on providing the services and that they will live and die by their quality.  Whilst we might not get service levels – at this point in their evolution at least – we do get transparency of historical performance and actual excellence; stepping back it is critical to realise that deeds are more important than words, particularly in the new reputation-driven economy. 

So the perceived need for service levels as a justification for private infrastructures is the second major and dangerous fallacy.  Businesses may well get better service levels from cloud providers than they would internally and any suggestion to the contrary will need to be backed up by thorough historical analysis of the actual service levels experienced for the equivalent capability.  Simply stating that you get a guarantee is no longer acceptable. 

Security

It’s worth stating from the beginning that there is nothing inherently less secure about cloud infrastructures.  Let’s just get that out there to begin with.  Also in getting infrastructure as a service out of the way – given that we’re taking the position in this post that PaaS is the first level of actual value to a business – we can  say that it’s just infrastructure; your data and applications will be no more or less secure than your own procedures make it but the data centre is likely to be at least as secure as your own and probably much more so due to the level of capability required by a true service provider.

So starting from ground zero with things that actually deliver something (i.e. PaaS and SaaS) a cloud provider can build a service that uses any of the technologies that you use in your organisation to secure your applications and data only they’ll have more usecases and hence will consider more threats than you will.  And that’s just the start.  From that point the cloud provider will also have to consider how they manage different tenants to ensure that their data remains secure and they will also have to protect customers’ data from their own (i.e. the cloud service providers) employees.  This is a level of security that is rarely considered by internal IT departments and results in more – and more deeply considered – data separation and encryption than would be possible within a single company. 

Looking at the cloud service from the outside we can see that providers will be more obvious targets for security attacks than individual enterprises but counter-intuitively this will make them more secure.  They will need to be secured against a broader range of attacks, they will learn more rapidly and the capabilities they learn through this process could never be created within an internal IT organisation.  Frankly, however, the need to make security of IT a core competency is one of the things that will push us towards consolidation of computing platforms into large providers – it is a complex subject that will be more safely handled by specialised platforms rather than each cloud service provider or enterprise individually. 

All of these changes are part of the more general shift to new models of computing; to date the paradigm for security has largely been that we hide our applications and data from each other within firewalled islands.  Increasing collaboration across organisations and the cost, flexibility and scale benefits of sharing mean that we need to find a way of making our services available outside our organisational boundaries, however.  Again in doing this we need to consider who is best placed to ensure the secure operation of applications that are supporting multiple clients – is it specialised cloud providers who have created a security model specifically to cope with secure open access and multi-tenancy for many customer organisations, or is it a group of keen “amateurs” with the limited experience that comes from the small number of usecases they have discovered within the bounds of a single organisation?  Furthermore as more and more companies migrate onto cloud services – and such services become ever more secure – so the isolated islands will become prime targets for security attacks, since the likelihood that they can maintain top levels of security cut off from the rest of the industry – and with far less investment in security than can be made by specialised platform providers – becomes ever less.  Slowly isolationism becomes a threat rather than a protection.  We really are stronger together.

A final key issue that falls under the ‘security’ tag is that of data location (basically the perceived requirement to keep data in the country of the customers operating business).  Often this starts out as the major, major barrier to adoption but slowly you often discover that people are willing to trade off where their data are stored when the costs of implementing such location policies can be huge for little value.  Again, in an increasingly global world businesses need to think more openly about the implications of storing data outside their country – for instance a UK company (perhaps even government) may have no practical issues in storing most data within the EU.  Again, however, in many cases businesses apply old rules or ways of thinking rather than challenging themselves in order to gain the benefits involved.  This is often tied into political processes – particularly between the business and IT – and leads to organisations not sufficiently examining the real legal issues and possible solutions in a truly open way.  This can often become an excuse to build a private infrastructure, fulfilling the IT departments desire to maintain control over the assets but in doing so loading unnecessary costs and inflexibility on the business itself – ironically as a direct result of the businesses unwillingness to challenge its own thinking. 

Does this mean that I believe that people should immediately begin throwing applications into the cloud without due care and attention?  Of course not.  Any potential provider of applications or platforms will need to demonstrate appropriate certifications and undergo some kind of due diligence.  Where data resides is a real issue that needs to be considered but increasingly this is regional rather than country specific.   Overall, however, the reality is that credible providers will likely have better, more up to date and broader security measures than those in place within a single organisation. 

So finally – at least for me – weak cloud security is the third major and dangerous and fallacy.

Comparing Public and Private

Private and Public are Not Equivalent

The real discussion here needs to be less about public vs private clouds – as if they are equivalent but just delivered differently – and more about how businesses can leverage the seismic change in model occurring in IT delivery and economics.  Concentrating on the small minded issues of whether technology should be deployed internally or externally as a result of often inconsequential concerns – as we have discussed – belittles the business opportunities presented by a shift to the cloud by dragging the discussion out of the business realm and back into the sphere of techno-babble.

The reality is that public and private clouds and services are not remotely equivalent; private clouds (i.e. internal infrastructure) are a vote to retain the current expensive, inflexible and one-size-fits-all model of IT that forces a business to sub-optimise a large proportion of its capabilities to make their IT costs even slightly tolerable.  It is a vote to restrict choice, reduce flexibility, suffer uncompetitive service levels and to continue to be distracted – and poorly served – by activities that have absolutely no differentiating value to the business. 

Public clouds and services on the other hand are about letting go of non-differentiating services and embracing specialisation in order to focus limited attention and money on the key mission of the business.  The key point in this whole debate is therefore specialisation; organisations need to treat IT as an enabler and not an asset, they need to  concentrate on delivering their services and not on how their clothes get made. 

Summary

If there is currently a ‘surge’ in interest in private clouds it is deeply confusing (and disturbing) to me given that the basis for focusing attention on private infrastructures appears to be deeply flawed thinking around control, service and security.  As we have discussed not only are cloud services the best opportunity that businesses have ever had to improve these factors to their own gain but a misplaced desire to retain the IT models of today also undermines the huge business optimisations available through specialisation and condemns businesses to limited choice, high costs and poor service levels.  The very concerns that are expressed as reasons not to move to cloud models – due to a concentration on FUD around a small number of technical issues – are actually the things that businesses have most to gain from should they be bold and start a managed transition to new models.  Cloud models will give them control over their IT by allowing them to choose from different providers to optimise different areas of their business without sacrificing scale and management benefits; service levels of cloud providers – whilst not currently guaranteed – are often better than they’ve ever experienced and entrusting security to focused third parties is probably smarter than leaving it as one of many diverse concerns for stretched IT departments. 

Fundamentally, though, there is no equivalence between the concept of public (including logically private but shared) and truly private clouds; public services enable specialisation, focus and all of the benefits we’ve outlined whereas private clouds are just a vote to continue with the old way.  Yes virtualisation might reduce some costs, yes consolidation might help but at the end of the day the choice is not the simple hosting decision it’s often made out to be but one of business strategy and outlook.  It boils down to a choice between being specialised, outward looking, networked and able to accelerate capability building by taking advantage of other people’s scale and expertise or rejecting these transformational benefits and living within the scale and capability constraints of your existing business – even as other companies transform and build new and powerful value networks without you.