Cloud Computing Special Part 2: Cloud Control

Gather IT executives in a room and talk of cloud computing billows forth. For CIOs who are already dabbling, projected savings are debated. From bullish analysts and eager vendors, more dazzling benefits are predicted.

Yet just as quickly come the caveats. Questions abound on security, reliability and control over corporate data. The biggest shadow of all is cast over what, exactly, cloud computing means.

A recent academic study identified at least 22 definitions of "cloud computing" in common use, from the broad notion of using the Internet to access any sort of managed technology services (also known as SaaS or software-as-a-service) to the wide-eyed optimist's view that a diverse, powerful lineup of cloud services will be delivered in real time by crash-proof distributed servers "without complicated deployment worries".

The sorry economy is prompting more CIOs to explore cloud computing and its cost-cutting promise, says Doug Tracy, former global CTO for Rolls-Royce. "But it's still an idea that a lot of people don't know a whole lot about."

The core attraction of the cloud is that companies can avoid buying and running hardware, software and other equipment by contracting with a services vendor to run selected systems or applications on its own infrastructure of virtualised servers. The "services" you purchase are delivered in a standardised, multitenancy fashion that observers say will save one-third to one-half of your current costs.

That's certainly appealing as this down economy forces CIOs to seek ever-greater efficiencies from IT infrastructures already as lean as starving wolves.

"We're under tremendous pressure to provide flexibility and agility and to be driving cost models down," says Charles Soto, vice president of IT at Motorola's Broadband Mobility Solutions business, which recently tested cloud computing services for four different applications. But thinking that cloud computing will release an instant reservoir of savings is a mistake, he adds.

To Arthur Winn, head of pricing at BT Group, "cloud" is nothing but a marketing term. The giant London telecommunications company has been doing what could be considered cloud computing for several years, he says. That is, handing over BT customer calling data to a third party to analyse and then let BT access via the Internet. "As long as we are getting more service for less money each year, we're happy," he says.

Making decisions about an over-hyped, under-delivering technology amid today's unrelenting economic pressures certainly isn't easy. So to help uncloud your thinking, we looked into exactly how several companies across various industries are experimenting with cloud computing.

What we found is that cloud is an umbrella term for many services, including SaaS and virtualisation -- anything but traditional computing behind the walls of your own data centre. If you're worried about being behind the cloud curve, don't be.

Spinning the Hype Cycle

CIOs recognise this latest hype cycle all too well. When client-server computing was all the early-90s' rage, every vendor slapped the term onto its marketing pitch whether it fit or not. Then it was data warehousing lining up to provide a single view of all your customers at the touch of a button. Next came ERP systems intended to replace the disparate best-of-breed software across business operations.

Page Break

All of these hype-cycled technologies eventually had a significant impact on corporate computing environments, but invariably at much greater complexity and expense than initially promised.

First, a definition of cloud that makes sense to most CIOs: You don't own the software or hardware and, unlike outsourcing, no specific equipment is dedicated only to you. You access the vendor's systems over the Internet in some secured way. For that access, you pay a subscription fee that rises or falls with how much or how often you draw on the vendor's systems.

Google, for example, offers office basics such as e-mail and word processing, with password protection and a per-user fee. Amazon offers substantial systems such as complete e-commerce or storage facilities, and charges per hour or per gigabyte for various configurations. From a newcomer such as Skytap, which provides virtual data centre services, you get access to application development and testing environments for a monthly base charge and pay extra for virtual-machine, storage and data-transfer options. Cloud permutations range from network plumbing to business applications (see "The Cloud Takes Many Forms", page 55).

But using a cloud of someone else's technologies isn't as simple as telling Amazon to open its doors to accept your data, then writing a check every month, cautions Motorola's Soto.

He would love to retool Motorola's IT to match computing power and cost-to-user demand, whether it falls during a bad economy or rises during a good one. "How do we find a consumption-based model to pay for what we use, to be able to spin them up quickly or shut down without having to be burdened with depreciation schedules in the normal IT process?" he asks.

That idea appeals to many IT leaders considering cloud computing, says Tom Pettibone, managing partner of consulting firm Transition Partners. CIOs have had to design their data centres to take peak loads. But during off-peak times, that capacity sits unused and idling at great expense, Pettibone says. "That costs you every day."

In the Skytap experiment, Motorola put four applications on Skytap servers: a project management tracker, a Web design application, an IT asset management database and a Microsoft Active Directory application. For $US1000, a small group of Motorola employees could test how those applications worked on Skytap's cloud for 30 days.

Motorola is used to getting IT from outside its own walls, with 33 SaaS applications in production, including Salesforce. But what the cloud experiments showed, Soto says, is that agility and cost savings come with trade-offs. While he estimates the cost at one-third to one-half of what Motorola normally spends on those applications, Skytap's security needs work, he explains. Motorola's people could see each other's data, he says. "That's very significant."

Plus, adds Sujit Sinha, senior director of IT strategy and architecture at Motorola, complying with Sarbanes-Oxley regulations about segregation of duties in the cloud appears difficult. "We didn't see a way to segregate who has rights to do what," Sinha says. That raises concerns about failing a Sox audit, which requires clear evidence of employee assignments that present no conflicts of interest when handling company financial data.

Skytap is learning from its customers, says Ian Knox, the vendor's director of product management. Security settings can be changed to protect data from the eyes of others, he says. A few weeks after Motorola's test ended, Skytap added several reporting and role-based access features to address Sox concerns, Knox adds. In cloud computing in general, Sinha notes, other issues also need to be worked out, such as who has rights to your data. With no universally accepted terms of what a cloud vendor can and cannot do, he says, "you have to work it out in your contracts."

Despite the obstacles, Motorola is moving forward with its cloud initiatives. Next, they will pilot cloud services from a bigger player and, within the next quarter, they hope to have a small cloud application in production. Says Soto: "We'd do it yesterday if we could."

Page Break

Price Modelling: Game Changer

At BT, what Winn considers the cloud began years ago. Winn's group, which sets rates and deals for mobile phone calling plans, had to compete with other departments for time on BT's internal, massively parallel servers. The group couldn't get enough time to run many queries to test new pricing ideas, Winn says, so they looked outside the company for computing power.

BT contracted with Kognitio for "data warehousing as a service", done on the vendor's servers on data BT ships via the Internet. Each month, BT sends the vendor hundreds of millions of call centre records, or about 3.6TB of data. Kognitio then performs regression analysis so BT can study customer churn, for example, and what-if scenarios to discover how new price plans would play out.

BT pricing specialists can log in to Kognitio's machines through a Citrix server to play around with the data, making queries using Business Objects tools. "The concept of interested people sharing a common resource has been around forever," Winn says. "It's the model of the combine harvester."

Augmenting its computing resources this way has allowed BT to launch ground-breaking mobile phone plans. A few years back, mobile phone competition was a race to the lowest per-minute rate.

BT wanted to know whether capped pricing would be profitable. That is, no call would ever cost more than, say, five pence. By applying that theoretical pricing package to a month's worth of real calling data from every BT customer, the company determined that such a scheme would be profitable. So BT went ahead with it. "BT is never going to be the lowest per minute," Winn says. "We needed to change the game."

Page Break

Winn's group might have done such modelling with Excel spreadsheets on a subset of BT data. But aggregates and averages are a risky way to model, he says. Abstractions can distort results. Working out pricing problems on Kognitio's servers lets BT use actual customer data -- and lots of it. "When the answer comes out, it has a lot more credibility," he says. "This isn't a few assumptions in a spreadsheet. It is truly penny perfect."

A Cloud By Any Other Name

Jim Swartz, CIO of Sybase, sees potential in cloud computing but isn't ready to give up his company's data to a third-party host. Instead, he has virtualised Sybase's servers -- essentially creating his own private cloud -- so he can study the best way to use the architecture.

At Sybase, a private cloud of virtual servers inside its data centre has saved nearly $US2 million annually since 2006, Swartz says, because the company can share computing power and storage resources across servers. The virtual setup also lets Sybase move data electronically from one physical site to another, for a more agile disaster recovery program.

Whenever you hear the term "private cloud", understand that it's "nothing more than virtualisation", notes David Linthicum, principal of Linthicum Group, a consulting firm that specialises in enterprise architecture and Web technologies. Virtualisation lets CIOs take advantage of the economics of cloud computing, he says, but within their own walls and under their own control.

Virtualisation has certainly saved money for Norton Healthcare, a nonprofit hospital system in the US, although CIO Joe DeVenuto declines to cite exact figures. Norton recently revamped its data centre with vendor Emerson Network Power, installing 160 virtual servers. The goal was to milk every drop of computing power and storage capacity from its machines. Virtual servers scale up and down fast, and new ones can be added in less time than it takes to configure a traditional server, DeVenuto notes.

Cloud vendors might be even more efficient than he is, De-Venuto says, but that extra oomph isn't worth the risk of letting go of patient data from Norton's four hospitals, 10 urgent care facilities and 60 doctor's offices. He would consider cloud for disaster recovery, he says, but not for primary computing. "I'm fairly conservative. It's a struggle for me to put patient information in the public cloud."

E-mail Options To Explore

One organisation more willing to farm out some of its data is the United States Golf Association, which governs the rules of golf and runs 13 championships every year. Daily operations at the USGA rely heavily on their own e-mail system because they are in continual contact with their constituencies, such as state and regional golf associations, USGA members, championship host clubs and the general golfing community. Even an hour of downtime would cause major disruption to this workflow, says Jessica Carroll, managing director of IT.

Carroll wanted to revise an existing e-mail backup plan that would take hours or days to recover. Under that plan, the IT department would handle the entire recovery process, including ordering new hardware to start from scratch. To take the weight off her team's shoulders and to make sure the company wouldn't lose data or productivity, she signed a deal last year with IBM to host a replication of USGA's e-mail system in IBM's data centres.

If a USGA server hits a problem, Carroll can click a button to switch to the replicated version that IBM maintains for her, she says, without USGA users noticing a thing. Then her IT department can fix the internal issues. The e-mail system carries USGA's most critical data, such as membership information and correspondences between the constituents.

Before Carroll could feel comfortable with the deal, however, she extracted stringent service-level promises from IBM. For example, in the event of a short-term outage such as a hardware failure, IBM must immediately provide a year's worth of backed-up e-mails for senior management of the USGA staff so they can continue e-mailing without waiting for repair. In the event of a full-blown crash, IBM would provide multiple years' worth of messages. The hardware and software for this kind of backup and recovery system would have cost the USGA too much to do on its own, Carroll says.

Page Break

Hamilton Beach Brands, a designer and marketer of small household and commercial appliances in the US, also dipped a toe into cloud computing via e-mail. When the time came to upgrade Lotus Notes last year, the appliance company hesitated.

Hamilton Beach hadn't refreshed Notes in three years and Jerry Hodge, senior director of information services, knew jumping from Notes 6.53 to version 8 would force him to upgrade his IBM iSeries servers and retrain the 500 users on the system. A lot of expensive work just for e-mail, he thought.

Hodge asked his staff to look into Google's Gmail service, among other alternatives. E-mail hasn't been a competitive differentiator for years, he reasoned. By subscribing to Gmail for a monthly per-user fee, Hamilton Beach would avoid the expense of new hardware, software licenses and training. Because Google provides archiving and retrieval, Hodge also figured he'd save on items such as backup tapes and disks and the IT labour to support electronic discovery for lawsuits or audits.

"Over five years, the cost would be half," he says, looking at a spreadsheet comparing the Notes upgrade to Gmail. Such savings in capital and ongoing operating expenses were too compelling to pass up, he says.

"Let someone in the cloud run e-mail and free up my guys' time to work on stuff that does make a difference."

Doubting the Cloud

It's one thing to put a basic, almost self-contained system like e-mail into the hands of an outside service provider. Quite another to off-load more complicated, interdependent applications filled with sensitive customer or competitive data, says Tracy, who recently left Rolls-Royce to become CIO of auto parts and systems company Dana Corp. "I don't think there's a mad rush for people to put their ERP systems in the clouds," he says.

For Tracy and other sceptics, security and reliability issues raise serious questions. Outages of Gmail for several hours in February and April frustrated a mass of customers. Amazon, too, has experienced outages due to authentication overloads and other problems.

How much these issues matter will vary depending on the criticality of the system and the risk tolerance of the CIO, Tracy says.

Security is especially important at Rolls-Royce, which makes such items as jet engines for military aircraft and power systems for Navy ships. (The fancy cars are made by BMW.) As a defence contractor, the company is bound by strict federal technology and physical security regulations.

He contemplated cloud computing but not with Amazon or Google partly because, he says, they won't let customers inspect their data centres -- and that's a show-stopper for Tracy.

"You say you want to try cloud computing, but it's only a few hundred bucks a month to them and they say it's not cost effective to allow this tour," he says.

Google, for one, has heard this criticism before. Its response is that customers can feel comfortable with Google Apps because its systems and processes have passed a SAS 70 Type II audit of controls in place to protect data. Google has also published on its enterprise blog some of the ways it manages customer information.

That helps a little, Tracy says, but it's far from enough when he worries about exporting sensitive data. "That requires us to understand where the data is hosted and who has access, [even] the nationality of everyone who is a system administrator," he explains. "That's not feasible in cloud computing, where processing could be in any data centre around the country at any given moment."

The People Costs

Adopting cloud whole hog could cut IT staff by 10 percent to 15 percent, according to McKinsey. That's just what no one below the CIO wants to hear. At Hamilton Beach, which simply handed over e-mail to Google, Hodge says he saw fear. "My team was apprehensive about cloud. Thought it would put them out of a job," he says.

But no one has lost his job because of cloud computing, he adds. Instead, he's been able to reassign duties to let staffers do more productive work in areas such as business continuity.

For many CIOs, enthusiasm about cloud computing's potential is tempered by sobering worries about early-stage hurdles. "The will to experiment is there," notes Shiva Swamy, executive vice president of IT services firm ZSL. "Surely the bad economy provides the impetus, but there are many unknowns that we all have to figure out together."