The confusion over cloud service model definitions continues to be driven by the pace of evolution in the market, according to Darryl Humphrey, senior manager leading the Canadian cloud practice at Deloitte & Touche LLP.
Definitions that sufficed one or two years ago “are not granular or sophisticated enough to reflect what is being offered in the market today,” he said. And this confusion is likely to continue, according to Humphrey, because the market types of services available will keep changing and pushing the definitions.
Jay Muelhoefer, vice-president of enterprise marketing at Markham, Ont.-based Platform Computing Corp., a private cloud provider, expects 2011 will reach the inflection point where there is “more or less an agreement” over the definitions of software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS).
But the industry continues to spend a lot of time defining what the three cloud service models are, and also how vendors sit within that larger picture, said Muelhoefer. “It’s almost comical,” he said. “Pretty much any Webinar you attend starts out with a few slides that are just definitions.”
Cloud definitions are beginning to clear, according to Brian Wolff, vice-president of sales and co-founder of Indianapolis, Ind.-based public IaaS cloud provider BlueLock LLC. “I see it getting clearer and clearer as companies begin to evaluate what it is that they want that as-a-service to do,” he said.
“I think the confusion comes in when you have companies that attempt to ‘cloudwash’ or just call what they’ve done in the past ‘cloud.’ People are confused by the fact that they didn’t call it cloud yesterday. Why are they calling it ‘cloud’ today?” said Wolff.
David Senf, research director of infrastructure solutions at IDC Canada Ltd., also believes part of the problem is marketing wanting to “associate as much product as possible” with the cloud. “SEO was the last time we saw … this much confusion,” he said.
Defining the cloud
Analysts, experts and vendors agree that the definition of cloud computing set forth by the National Institute of Standards and Technology (NIST) is a good place to start, and several use the two-page NIST document as a foundation for their own definitions.
NIST’s outline is “generic enough that you can leave the politics out,” said Jack Daniel, community development manager for Internet security provider Astaro GmbH & Co. KG. “Even to the people who want to argue about everything, I say, ‘At least let’s use this as the starting point for an argument,’” he said.
Platform Computing also adheres to NIST. “The NIST definition has really come to help as an independent third party,” said Muelhoefer. “People are understanding how they can actually use these types of services in their company for businesses to benefit and that is making the conversation a lot easier,” he said.
To define whether a service is a fully developed cloud service, Humphrey said he uses the PURSE acronym. It must offer a pay-as-you-go billing model; ubiquitous access from any device; resource pooling; self-service; and elasticity in terms of scaling horizontally and vertically on demand, he said.
“There is no ‘cloud,’” said Humphrey, referencing a Deloitte white paper. “Cloud computing is a type of delivery model. It is not a thing,” he said.
John Sloan, lead analyst at InfoTech Research Group Inc., uses three attributes to define a cloud service: it is typically a third-party managed service, a shared environment, and elastic in terms of scaling up or down in usage depending on your need, he said.
Senf also uses three points to define what the “cloud” is relative to hosting services or on-premise licensing and maintenance offerings: self-service, multi-tenant and elastic in terms of usage and billing. “If you have these three things, you are talking about cloud and you can apply those criteria to define private cloud, public cloud and in-between hybrid cloud,” he said.
SaaS, PaaS and IaaS
A recent IDC Canada study on cloud usage by percentage of Canadian organizations, which surveyed 305 organizations representing all sizes, verticals and regions across the country, found 35 per cent of organization using the SaaS service model, 10 per cent using PaaS and 21 per cent using IaaS, said Senf.
“There is going to be more deployment of SaaS simply because it’s been around for a long time and has had more time to mature,” said Sloan. Leading SaaS vendor Salesforce.com Inc., for example, started as an Application Service Provider (ASP) roughly a decade ago, he pointed out.
With SaaS, you are basically licensing the right to connect to an existing application or system on the Internet, said Daniel. “People that are used to what we used to call ASPs think that SaaS is the same thing, but an ASP is me putting a system on the Internet that provides an application. There’s no guarantee that it can expand dramatically,” he said.
PaaS is where you get access to the capability to create services, said Humphrey. “We are seeing some activity there, but not as much as the IaaS side,” he said. A well-known example is Salesforce.com’s Force.com, which provides a toolkit to build applications.
IaaS is essentially a capacity service that provides you with hardware and an operating system, said Humphrey. “We are seeing companies looking for the ability to access that capacity either because they need to offload from their own, or it’s an opportunity to try new activities without having to invest heavily,” he said. “One thing that all the definitions bother me a little bit about is that they basically start by saying there are three ways that cloud work: IaaS, PaaS and SaaS. I differ slightly in that I think there are three kinds of IT-as-a-service and they can all be delivered by cloud computing, but they are not synonymous with cloud computing,” said Sloan.
SaaS, PaaS and IaaS are associated with the cloud because external clouds deliver those services, but they are not “exclusive to the cloud,” said Sloan. “What is happening now is that they are becoming synonymous with cloud and that is kind of the problem when you talk about internal,” he said.
IaaS, which is essentially the ability to buy or rent infrastructure services from external provider, pre-dates cloud computing and is a particularly confusing area, said Sloan. IaaS is a way of delivering IT-as-a-service, which can be delivered out of a cloud, a managed service provider or a co-location provider, he said.
“You can have all kinds of arguments about whether applying cloud to internal infrastructure even makes sense because it isn’t infinitely scalable, you don’t share it with other people, you pay for the whole thing,” said Sloan.
One of the things IT departments are doing to move towards everything-as-a-service as opposed to everything-as-an-asset is to develop as internal IaaS providers, said Sloan. “It may be unfortunate that they end up saying ‘internal cloud’ because that seems to resonate with everybody,” he said.
“Overall adoption of external cloud services is still relatively nascent,” said Sloan. “In spite of a lot of talk about the cloud, most enterprises are still doing most of their stuff internally,” he said.
A recent InfoTech survey asked IT managers and CIOs whether they were planning to focus on developing internal cloud services first (before external services), internal cloud service solutions only, or external cloud services only and found that 76 per cent of respondents planned to focus on the internal cloud, said Sloan.
Private vs. Public vs. Hybrid
Defining cloud deployment models may be a greater challenge than defining cloud service models. “There is more confusion today between the private cloud, a public cloud and the hybrid cloud,” said Muelhoefer.
Hybrid is “not a different form of cloud” but a balance between private and public, said Senf, and it’s important that firms find the right balance between the two. “When an organization makes the decision to go with one vendor versus the other, they may well be making decisions that impact their organization three plus years down the road,” he said.
It’s also important that firms make the right decisions now in terms of governance, according to Senf, who expects to hear “a lot more” about cloud governance models in the next year. “You can’t really do hybrid cloud well or do a strategy if there isn’t a governance in place around it,” he said.
Senf is surprised to see “how strategic cloud has become in Canada” and over such a short period of time. “Early on there was a lot of skepticism and cloud adoption, where it was occurring, was very ad hoc. But what we are seeing now is that organizations are taking more of a strategic approach,” he said.
But he added caution over planning time horizons. “Organizations take on average only a one year time horizon for the planning of their IT investment and when you think about determining the best balance between determining public and private and the in-between hybrid cloud … a one year time horizon probably is not long enough,” said Senf.
Another surprising cloud trend among Canadian enterprises, according to Senf, is vendor selection. That “personal touch” is less a requirement than it has been in the past, he said.
IDC Canada asked Canadian organizations about the must-have characteristics of their preferred supplier of cloud computing and found competitive pricing and strong SLAs at the top of the list, said Senf. The four lowest ranking characteristics were established market player, tech innovator, having done business with the vendor in the past, and having a local (Canadian) physical presence.
Emerging sub-categories of the SaaS, PaaS and IaaS cloud service models include CRM-as-a-service, analytics-as-a-service, business-process-as-a-service, e-mail-as-a-service, database-as-a-service, desktop-as-a-service and compute-as-a-service, noted Humphrey. “Essentially, any component that can be virtualized can be offered as a service,” he said.
“Everything-as-a-service is a philosophy that if you are good enough with your virtualization technologies and learn how to manage a cloud, you can provide anything as a service,” said Humphrey. To classify as a fully developed cloud service, it must also include the five PURSE features, he noted.
Not every application will benefit from a cloud model, said Humphrey. To determine what is worth considering, IT managers should look for processes with the following four characteristics: relatively modular or discreet; not highly dependent on other applications within the business; highly variable with peaks and valleys in the volume; and use data that is safe to move outside the firewall, he said.
“The more ubiquitous computing services become, the closer we get to everything-as-a-service, but some things are always going to make more sense on the ground,” said Daniel. “Even in private cloud instances, you have to worry about how the data transits from where you are sitting to where it is stored,” he said.
Sub-categories of SaaS, such as CRM and collaboration, are currently leaders in terms of Canadian enterprise adoption, according to Senf. And storage, a subset of IaaS, is one area where IDC Canada anticipates significant growth, he said. Canadian organizations are storing roughly 11 per cent of their data online today and this number is expected to increase to 24 per cent in five years, he said.
Cloud is the next stage in that evolution towards IT-as-a-service, said Senf. IT-as-a-service is “the goal that CIOs have been chasing for over a decade now” and a more useful term to describe everything-as-a-service, said Senf.
“Organizations shouldn’t get mired in the as-a-service name game,” said Senf. “SaaS, PaaS and IaaS are artificial and frankly useless distinctions that serve only to confuse. The average IT pro or CIO shouldn’t care about the fine details of cloud definitions … Calling an e-mail service SaaS, an online development tool PaaS and a server on-demand IaaS adds no value to IT planning,” he said.
References to the cloud are so overused that the term is becoming meaningless, said Sloan, who also prefers delivering “IT-as-a-service” over the “everything-as-a-service” terminology.
The fundamental change that cloud services (everything-as-a-service) call for is a reorientation from IT as a function of enterprise asset management to IT as a service, said Sloan. “The real challenge is that, traditionally, IT is not managed as a service,” he said.
“One of the things you inevitably come up against is the idea that IT has been delivering services all along, but so much of the discussion between IT and the business and so much of the vocabulary around IT is around the acquisition, configuration, deployment and maintenance of hard assets like computers [and] network switches,” he said.
IT also needs to become more like a managed service provider internally, said Sloan. The business needs to see IT as information-technology-as-a-service that can be provided from an external source, he said. “If internal IT is going to get the most out of both external providers and keep its own relevance going forward, it has to talk as if it is a managed service,” he said.
What’s right for you?
Daniel suggested IT managers start by spending a few days just “playing” with cloud services. “The truth is that the hardest thing for getting your feet wet is really just committing the time,” he said.
“Find a handful of providers and spend literally a few dollars,” said Daniel. “In the process, you will answer some questions and you will ask more and things will start to make sense,” he said.
One point that people must understand is that you can’t outsource responsibility for the data, said Daniel. “No matter what you do, you can’t outsource responsibility … it comes back to you,” he said.
IT managers considering IaaS often start by building out their business cases on paper, said Muelhoefer. But he recommends doing a proof of concept with vendors that support Open Choice to see the possibilities within their own organization. “You can try to study as much as you want, but the real world experience will give you the grounding to figure out what really is best for your company,” he said.
Before contacting a cloud vendor, IT managers need to understand what they are trying to do, advised Wolff. “You start with the requirement and then you look for the level of cloud that you need to be able to deliver the ultimate end goal to the business,” he said.
Six Questions to Ask
Deloitte Canada suggests organizations ask the following six questions in order to obtain a finer grained definition of what a particular service really is, said Humphrey.
First, ask what is your role in the service (i.e., are you the provider, subscriber or broker aggregating the services). Second, ask what capability is it (i.e., is it CRM-as-a-service, database-as-a-service, etc.). Third, ask what is the source (i.e., is it internal or external to your environment or potentially a hybrid), he said.
Fourth, ask about the access model, which includes public access or multi-tenant models that anyone with a credit card can access, external services provided with private access to form a virtual private network, or restricted access where you have a purely internal cloud that only people from your organization can access, he said.
Fifth, ask what is the costing model. You need to be aware of what you are billed on, such as storage, network traffic or compute cycles, said Humphrey, and whether it is a true cloud service with consumption-based, pay-as-you-go billing. Sixth, as what are the relevant jurisdictions.
The last question is “a big one” for Canada, said Humphrey: Determine whether your data will be in the province, within the country, and if it is going outside of the country, where it is going and how you know it is going where the vendors says it will, he said. Financial services or health industry regulations may also involve specific legislation you need to be aware of depending on the type of service you are looking to use, he said.