In many respects, cloud computing in all its myriad forms is young. Just like it is a matter of time needed for various technologies to mature, cloud computing too needs to evolve. The whole area related to handling the huge, often unstructured data sets associated with large-scale clouds arguably hasn't even established a consistent vocabulary yet. However, it is also true that beyond basic technology underpinnings, the integration of component tools into useful systems to make them consumable by IT organisations is still in its early phases.
That said there's been enough practical experience with cloud computing that we can start to discern some patterns. These patterns will doubtlessly evolve over time as new offerings become available or impediments to adoption recede. However, the following five observations tell us a lot about how cloud computing is being used today and which approaches are striking chords with users and which aren't.
Software-as-a-Service (SaaS) — Yes, but narrowly. Applications, not computing infrastructure or development frameworks, are the things with which end users interact. That's why a company like Salesforce.com became one of the early poster children for cloud computing. And, indeed, SaaS and related forms of online Web services dominate in certain verticals, such as customer relationship management. However, in what will emerge as a familiar pattern, legal and other risk management concerns give many enterprises pause when considering SaaS for even a seemingly innocuous function like email. They ask questions about, for example, notification procedures in the event of a data breech or a judicial order—and often don't get clear answers. For certain types of applications typically those that are relatively standardised across different companies, SaaS will doubtlessly continue to grow, but enterprise adoption will require offerings that are operated under processes that have enterprise needs in mind.
Enterprises build private / hybrid clouds, across heterogeneous infrastructure. Medium to large enterprises in both the private and public sector have begun to move past the planning stages and are building clouds. They're building rather than renting from public providers partly because of the aforementioned compliance and risk management issues—their own infrastructure may not be inherently more secure or reliable but they have visibility into and control over it. However, it's also the case that large organisations have complex needs and need to accommodate an existing portfolio of applications and infrastructure. They want to start gaining efficiency from public clouds and offer their own users the sort of self-service and speed of ramping up new computing resources they see in public clouds—but to do so under their own terms. This means they can't just build a new IT infrastructure from scratch or add an additional set of cloud resources alongside their legacy infrastructure. Their goal is to build a cloud that leverages as much of their existing IT as possible.
Maintaining future flexibility is one core concern. And, as organizations build clouds, we hear repeatedly from them that they are determined cloud computing should not become yet another means to lock them into a specific product set or technology. It's telling that the original thrust behind cloud computing was not so much the vendor community, but end users looking to deal with exploding complexity and scale. This is also why open source software is a major player in both public and private clouds. It offers great value, sure. But it also introduces the opportunity to shape projects in ways that respond to your priorities and requirements. Thus, organizations are generally taking approaches that maximize portability and interoperability across different clouds. It's no coincidence that even those cloud computing offerings that don't really meet any reasonable definition of ‘open' nonetheless promote themselves as if they were.
Compliance and risk management are also other core concerns. We mentioned this already but it's worth discussing in a bit more detail because it arises so often in cloud computing discussions and is intertwined with so many decisions. To be clear, this isn't a comment on the relative security or safety of public versus private clouds or anything that simplistic. Rather, it's the observation that cloud computing needs to be systematically considered as part of an integrated IT governance process. The outcome of such a process may well be that certain types of data and applications can't run in a public cloud, or can only run in certain public clouds, or can only run when certain conditions are met. (For example, perhaps data can't be stored or replicated in a different country.) Nor is risk management solely about external providers. For example, private clouds can provide self-service access to users. This implies access controls, the establishment of policies and workflows, and appropriate auditing.
Platform-as-a-Service (PaaS) is intriguing developers. PaaS is the newest aspect of cloud computing and the most nascent. PaaS can be thought of as providing developers with useful abstractions that let them create applications more easily. It can also provide them with the means to then run applications without getting overly involved with the mechanics of the underlying infrastructure. This touches on a relatively new concept called “DevOps,” which talks to the idea that the traditionally distinct roles of operator and developer are starting to blend in some contexts. PaaS takes a number of different forms but, in keeping with the way organizations are thinking about clouds broadly, the most widespread momentum seems to be behind approaches that provide portability between clouds. This means that a developer could use one PaaS to develop an application and later decide to deploy that application somewhere else making minimal or no changes.
We've covered several different cloud computing threads. But there is a unifying thought. “Organizations are adopting clouds that recognize the value of the IT investments that they already made and the legal, regulatory, and risk management regime under which that IT must operate. And they're doing so in ways that maximize their future flexibility.”
(The author is GM, India Subcontinent, Red Hat. The opinions expressed are his own.)