Not so long ago, cloud computing services were viewed as alternative or fringe options for large enterprises – useful for limited purposes, but not viable as mainstream solutions.
However, given the rapid rate of technology evolution over the past 12 months, there is now an air of inevitability around migration to the cloud.
In the past, the focus was on the risk to enterprises of moving to the cloud. That focus hasn’t gone away but the debate has now moved on.
The cost imperatives and speed-to-market capabilities are so compelling that we will be forced to find solutions to address any impediments arising from security, privacy, data sovereignty, etc. And it’s only a matter of time before just about everything will be delivered as a service.
Cloud as a disruptor – parallels with offshoring
The approach to cloud has some parallels with the migration to offshoring. Not that long ago, the risks and challenges around offshoring created enormous angst and political heat.
But due to various imperatives – a lack of onshore skills, cost, and the need to rebuild controls – a “new normal” has emerged with a significant proportion of IT and business processes migrated offshore.
Ironically, cloud solutions have the potential to create a far greater disruption for the local IT industry than was the case for offshoring. They displace the need for existing IT resources across an entire IT stack – from the data centre through to infrastructure and apps – impacting on supporting IT resources across those layers.
Speculation is now rife as to the long-term impact of cloud on the traditional IT sector.
Cloud as a driver of our competitiveness
What matters now is the speed and sophistication with which Australia takes up cloud given the opportunities that cloud implementations provide for huge leaps in competitiveness. Is Australia lagging behind regional and international markets in the take-up of cloud, and if so, what are the impediments?
In particular, are there legal or regulatory impediments, recognising that Australia’s privacy laws set a high-water mark for protection of personal data across the Asia Pacific region?
Are Australian enterprises more conservative in the take-up of cloud, as compared with their competitors across our region? And are Australian in-house IT teams adopting an approach of self-protection in relation to cloud? That is, are they behaving like ‘box-huggers’, wanting to retain control over their own IT shop regardless of the cost consequences?
Opinions vary greatly: this was a hot topic of debate at a recent industry forum held at Gilbert + Tobin. Why does it matter? Because Australia’s use of technology such as cloud will go to the heart of our competitiveness across all areas of the economy – from the corporate world all the way through to the local restaurant or retail store.
Of course the cloud is a global model. Just as with free trade and the removal of trade barriers, we will also need to address the challenges of the global cloud.
Managing cloud risks
It is generally recognised that technology tools and processes already exist to protect sensitive data in the cloud (including via the obfuscation of data). However, there are still legal and regulatory hurdles in moving to a global cloud.
We are currently seeing the use of workarounds through a mix of local and global clouds; and hybrid clouds, a mix of public and private clouds.
This enables sensitive data to be restricted to local and/or private clouds. The biggest challenge lies in ensuring the seamless integration of those multiple cloud solutions, across multiple jurisdictions and different (often conflicting) regulatory requirements.
Ultimately, legal and regulatory solutions will emerge to support the migration to global clouds, and enable large enterprises to realise the efficiencies of the global cloud.
For example, contract obligations can be imposed on global cloud operators to handle information in accordance with the standards and policies required under Australian law. Consequently, cloud operators will have little option but to accept these obligations if they are to facilitate cloud take-up across large enterprises.
Contracts can also be combined with mutual recognition regimes across nations. The twenty-one APEC economies have initiated steps for a model for global interoperability among privacy regimes.
If successfully implemented, this will provide mechanisms for organisations to have their privacy policies and practices certified as being consistent with data privacy standards that are recognised throughout the Asia-Pacific region.
Commercial challenges
From a commercial perspective, there are opportunities for cloud providers to differentiate themselves by offering commercial terms for cloud solutions that align with the business needs of large enterprise customers. The commodity “one-size-fits-all” approach to cloud is a myth, and will simply not work in the large enterprise environment.
Enterprise customers will need to be discerning about ensuring that the cloud offerings meet their commercial requirements.
For example, while cloud solutions can offer greater flexibility and portability under “rental models” (without up-front investment), these benefits will not be realised if the commercial terms require a long-term “lock-in”.
It is important to ensure that the commercial terms don’t create limitations around the potential opportunities of cloud solutions.
Enterprise customers will also need to manage the risks around business processes “falling between the clouds”, due to the challenges of integrating multiple cloud products. The end goal is seamless, end-to-end service delivery (with performance commitments) across multiple clouds.
The adoption of cloud will require significant development of new in-house skills –less focused on the provision of IT services, and more on a business or “broker” role.
For instance, new in-house procurement skills will be required to ensure that large enterprises still achieve their required performance standards, business outcomes, seamless service delivery and appropriate risk allocation in the multi-cloud environment.
People will also need to know how to manage multiple cloud solutions, particularly given the emergence of new service management methodologies to meet the demands of the multi-cloud environment.
These challenges will also require far greater collaboration between the cloud providers themselves, through commercial alliances and partnering.
They will need to work together to allocate responsibilities between themselves and deliver seamless end-to-end services with performance standards that meet the demands of large enterprise environments.
Bernadette Jew is a senior technology partner at Gilbert + Tobin.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.