CIOs Must Fit the Cloud Into IT Strategy

"I got interested initially in cloud because of the pricing model: the fact that I could potentially buy capacity as I needed it and pay for it as OpEx instead of CapEx," he said. "That essentially lowers the bar for innovation because I can build something quickly and deploy it quickly. This is a hugely important phenomenon in cloud."

"It was also a major driver of open source, where if I could get a server for free in Linux and deploy it, I could as a developer actually try something out," he said. "The cloud just took that and blew it out on steroids. There’s probably not a single startup that comes through my office, and probably not through yours, that isn’t deploying on cloud infrastructure. They might keep the customer database in their own data center, but all their storage and all their compute sits on Amazon or it sits on Rackspace or it sits out there somewhere in the cloud. That is a huge opportunity for innovation, for things that change the way companies work together. You see this now reflected in the investments of the major infrastructure providers. You also see it reflected in the growth of companies like Salesforce and Google. Google Apps for Business, Google Apps for Government, that’s a billion dollar business today."

Schadler noted that Forrester’s discussions with CIOs indicates that cloud computing is a top of mind consideration for most. And he said that most organizations are not looking to the cloud as a method of cost management, but for "extension"-the capability to take their business in new directions faster.

Sultan Khan, Global IT Strategy & Governance Practice Head at Tata Consultancy Services (TCS), agreed.

"What we’re seeing is that every CIO is thinking, talking and doing something about cloud, clearly with a very reasonable degree of maturity," he said. "We recently conducted a survey with our clients and found that 10 percent or less of the cloud-based solutions are actually out in the public space. Today, close to 90 percent of the solutions sets are being developed within the internal cloud space. What is interesting is when you ask them about where they are going by 2015, a lot of them see that ratio being 30 percent or so in the public service space. There is a definite shift towards not only cloud, but also taking it from the inside to the outside."

Practical Cloud Computing

Philip Jacob, senior director of risk management at Axioma, a provider of optimization software and financial risk modeling software for the financial services industry, said his organization has turned to the cloud-and specifically Microsoft Azure-to provide the raw computational power for its services rather than build out new servers each time it takes on a new project.

"It’s allowing us to be able to plan much more effectively," he said. "We don’t have tell our clients in advance, "here’s the level of service we can offer you." We can tell them, "here’s the potential," and then we can just buy on demand the services necessary to do whatever and however complex calculations they require."

Jacob noted that such a model allows Axioma to be much more efficient as well, because most of the demand for its risk management reporting only occurs for about eight hours a day. If the organization bought hardware to serve its needs, it would sit largely unused for 16 hours a day.

"It’s a way to only get the capacity when we need it, but also not to have to plan what could be very large potential acquisitions in advance," he said.

David Goodman, chief technology officer of the International Rescue Committee (IRC), an organization founded at the recommendation of Albert Einstein to rescue intellectuals and artists from the Nazis, said the cloud allows his organization to better allocate staff resources. Today, IRC provides humanitarian services to refugees around the globe. Goodman leads a staff of 26 based in New York and Nairobi, overseeing teams focused on infrastructure, application development and project management. He is also responsible for RescueNet, the organization’s global intranet.

"I have a lot of things I have to do," he said. "I’ve got all the problems of a global organization and very few of the resources. I have to make sure that my staff is working on the stuff that really needs doing and try to push out the rest of the stuff. Email is a great example. It’s the most important thing we do, but I don’t think we need to be top-level Exchange architects and administrators. Other people will do that perfectly well. Storage is another example. I don’t really want to deal with storage anymore, so I give that to somebody else. That gives my staff an opportunity to focus on the things we have to be excellent at, which is delivering services to local field organizations.

Ari Lightman, director of the CIO Institute at Carnegie Mellon University noted that he sees the enablement of a mobile workforce as one of the most promising aspects of cloud computing. He pointed to Cedars-Sinai Medical Center, which now gives every new intern an iPad rather than deal with flip charts.

"They know where they are and they know how to push information to them," Lightman said. "That makes them more productive and allows them to deliver better care."

TCS’s Khan agreed, adding, "When we think about mobile, it’s a natural fit. What is your mobile strategy and how do you deliver mobile to your clients? So, cloud is a perfect fit as a means to deliver mobile solutions to your clients and the market and so forth. I think the key we find with that is that most organizations tend to start with mobile solutions and then realize they need to take a step back and ask what is our mobile strategy? What is it we’re trying to achieve and then jump to a solution."

Cloud Computing Challenges

But the cloud is not without its challenges, Goodman said.

"The cloud is an interesting challenge," he explained. "We have issues with power, so the cloud is not quite the thing [for us that] it is for the rest of the developed world."

He also noted that unlike many organizations that see the capability to pay for services with OpEx rather than CapEx, in the non-profit world OpEx is more difficult. It’s much less challenging to raise funds for a capital expenditure than increase ongoing costs, he explained.

Socio-mobility is another problem, Lightman noted.

"Bandwidth: it’s a limitation," he said, especially when it comes to mobile. "When you get into the mobile architecture, you have different sorts of companies that come into play. Wireless carriers, regulators, content providers. Now we’re seeing data throttling. If you have company-specific information that needs to get done on mobile, and you need to ensure that it gets to the right source, it becomes difficult when when you have data throttling."

IRC’s Goodman agreed, noting that Software-as-a-Service can sometimes make things harder, especially in the environments his team works in, because you can’t manage performance in the same way.

"SaaS has all the advantages that we know about in the cloud, but sometimes the big disadvantage, which for us can be a killer, is I can’t put it behind my Riverbeds and optimize it," Goodman said.

Cloud Security

It should also come as no surprise that both the audience and a number of panelists saw security as a challenge for cloud computing.

"In our experience, the number one challenge or concern that companies have about cloud is security," Khan said. "That’s the biggest challenge and concern they raise."

While Khan acknowledged that some concerns are justified-notably reluctance to put customer data in the cloud-he also noted that it’s more an issue of confidence and change-management strategy. Business leaders in the organization need to be convinced that the new way of doing things is not going to put the organization at risk.

Fahim Siddiqui, chief product officer of IntraLinks, said it’s all about building trust.

"First and foremost, it starts with trust," he said. "There has to be a view that this is a trusted place to go work when you are virtually working within the context of an application. Trust is built through a combination of not just technology, but also application security, not just that but also people and process security. When you combine that, there’s a certain posture you have, that this service is a place that I can trust with my information, and my information is protected in terms of visibility, access and auditability."

"The choice of a cloud is not very different than the choice of an ERP application," Siddiqui added. "It’s an enterprise architecture choice. What you have to really understand first and foremost is what are your points of extension? Why do you need the cloud? Do you need it for compute resources at the infrastructure level? Do you need it for certain specific resources, like storage? Or do you trust it for certain business-critical transactions which are out in the wild anyway, but today maybe they’re being conducted on FedEx and e-mail, or in some cases people carrying physical copies outside your four walls. In each of those instances, you have to construct what are the appropriate weak points and what are the security ins and outs?"

Goodman agreed, adding, "The real point is that when we talk to vendors about security, you know if they’re serious about it. You do all the things you’re supposed to do, you audit, but at the end of the day you can tell whether a company thinks security is a critically important thing or not."