Stefan Ried

Cloud computing challenges the CIO legally as well as technically!

Cloud computing is the availability of standard IT resources over the internet in a pay-per use model. Initially this is an attractive proposition. However there are many challenges which CIOs will face when running firm critical applications and data over the internet. The most successful CIOs have built an IT governance strategy to avoid the uncontrolled variety of technologies, meta data and business process evolution in their IT landscape. A good governance strategy ultimately makes the implementation of legal compliance requirements from Basel II or SOX much easier. Without searching first for critical data, an orderly approach is much simpler and the CIO won’t be the only one sleeping better.

So long as everything is in your own company or at local infrastructure, IT governance and compliance should be governed centrally from the CIO office. But what happens when a firm’s cloud computing is effectively deployed? This technology paradigm has its largest cost savings when applications and business processes have extremely high and uneven resource requirements. In most cases these are automatically firm critical applications and confidential data. The responsibility of a CIO then moves from pursuing operational excellence in the datacenter, to the greater responsibility of developing and managing intelligent sourcing concepts in the cloud and bringing its consequences under control. The large cloud computing vendors are nearly without exception international firms and a core basis for their cost-effective deployment lies in their global sourcing strategies. IT governance and legal compliance must also be developed to cloud governance and global provider governance.

Most firms have their Basel II or SOX compliance under control. IT was an essential, but not the only, risk factor that needed to be dealt with. Many firms introduced tools to help better structure and document processes and document flows. Large firms even established new roles for taking such responsibilities, with titles such as the Chief Compliance Officer. The challenge for cloud computing is that the former compliance strains now appear as childsplay. Cloud compliance requires constant interaction with many different experts — and not only within your own company.

An international example is the move of SWIFT’s datacenters from the USA to Europe. SWIFT is known as one of the most important IT resources for banks outside of their own data centers, dealing with all kind of money transfer between different banks. In today’s Cloud Taxonomy one would describe this as a “Virtual Private Cloud” (see Forrester’s Cloud Taxonomy). The legal situation has changed among European governments, regarding forbidding the unrestricted interception of banking details through the CIA. So far they have not done this. Although from December 2009 the European Parliament is discussing this option and could change its legality. From the perspective of banking CIOs then, cloud compliance is suddenly the interaction of internal technical experts and cloud vendors, as well as in-house legal experts and if necessary external legal advice. Compliance requirements should not however slow down the utilization of cloud resources. As to do so would mean the essential business advantages of the cloud will be lost — in particular the ability to react quickly to changing requirements. Forrester expects the first vendors in 2010 will bring compliance-tools to market that support a firm grip on cloud compliance. This will be an agile information exchange and approval process between IT, business and legal experts. But this time beyond the company borders. So these are even the best conditions to run cloud compliance tools as a SaaS application in the cloud, and not in your company.

Let me know if you are a vendor and plan to move into the Cloud-Compliance Space

Regard

Stefan

Selling the Cloud

A New Forrester Research Workshop

Dec 1st, Foster City, CA

Hi,

I’d like to point you to a new workshop series that we start in three weeks in the Bay Area. Depending on demand and your feedback, we will run the same workshop in Cambridge (US), in London (UK) and in Frankfurt (Germany) in January and February 2010.

The workshop basically explains how to make money with cloud computing for ISVs and System Integrators. Starting from the new technology options for platform selections,  we investigate the current Platform as a Service provider. Best practices of business models in the cloud help ISVs to size their opportunities. We disclose the first time in public the full Forrester Cloud Taxonomy and a detailed market sizing for each cloud service and product category. This brings a lot of structure to the Cloud.

For Large scale IT users, the significant change of the whole IT ecosystem will be only one of many exciting topics in this workshop. How does the role of an CIO change? Understand the raising challenge of cloud-compliance!

Please see the full agenda here.

Caution: This workshop is an highly interactive event. If you simply wanna hang-out a day and listen to presentations – your are wrong here. We have developed a cloud readiness assessment which helps you to identify your person option moving a software application or business model in the cloud. Each participant works out an individual guideline with  your next steps in strategy, technology and go-to-market.

If you have any questions or special topic you’d like to see additionally in the agenda, please do not hestiate to call me oin Foster City 650-581-3844 or in Europe +49 69 959 29856 or email sried at forrester.com.

See you December 1st in Foster City.

Stefan

Google’s Office SaaS Apps @ Jaguar and their new business version.

Google plays in various categories of cloud computing at the same time. Google Docs, Spreadsheets and GMail are software applications as a service (SaaS) and more in the category of other dedicated SaaS applications like NetSuite for ERP or Salesforce.com’s Sales Cloud for CRM. Google’s offers also more platform centric services such as Google App Engine which moves more into a Platform as a Service (PaaS) category where Salesforce.com with Force.com is also a leader. While this is well known to many cloud experts meanwhile, there is still confusion around this in the market. Forrester established a cloud taxonomy which give a clear guidance and actually helps a lot to avoid confusion. Beyond this, thought it would be helpful to layout the hard facts of the recent announcement and the Jaguar deal.

See Google’s announcement of the business edition of google applications. Here are the hard facts:

Features unique to Google Apps Premier Edition include:

• 10 GBs of storage per user
• APIs for business integration – APIs for data migration, user provisioning, single sign-on, and mail gateways enable businesses to further customize the service for unique environments.
• 99.9 % uptime – Service Level Agreements for high availability of Gmail, with Google monitoring and crediting customers if service levels are not met.
• 24×7 support for critical issues – Includes extended business hours telephone support for administrators.
• Advertising optional – Advertising is turned off by default, but businesses can choose to include Google’s relevant target-based ads if desired.
• $50 per user account per year – Simple and affordable annual fee makes it practical to offer these applications to everyone in the organization.

In addition to Gmail, Google Calendar, Google Talk and Start Page, all editions of Google Apps now include:

• Google Docs & Spreadsheets – With this addition, teams can easily collaborate on documents and spreadsheets without the need to email documents back and forth. Multiple employees can securely work on a document at the same time. All revisions are recorded for editing, and administrative controls allow organizations to define limits on document sharing.
• Gmail for mobile devices on BlackBerry – Gmail for mobile devices provides the same Gmail experience – such as search, conversation view and synchronization with desktop version – on BlackBerry handheld devices for users of Google Apps. Gmail for mobile devices joins a list of other mobile options for Google Apps and BlackBerry users that already includes a Google Talk client and a variety of calendar sync tools.
• Application-level control – Allows administrators to adapt services to business policies, such as sharing of calendars or documents outside of the company.

The deal with Jaguar which is announced at the same day, claims the following benefits:

• Increased storage capacity with 25GB of storage per user
• Significant savings from lower infrastructure and support costs…. although the deal size is not disclosed.
• 99.9% service level agreement…  although a full transparency like with trust.salesforce.com is not available to my knowledge
• Improved data security and administrative management… although no details are disclosed

Interesting is the adoption model that Google and Jaguar agreed on: Jaguar Land Rover has selected a kind of in-house evangelists and has selected 250 users for a first wave across its departments. These users get trained on all necessary aspects of Google Apps and will assist the other employees to get up and running without further training.

Comparing for example the storage limit of the above business version and the Jaguar details shows another important trend. Google starts to tailor the configuration or at least these kind of storage or traffic limits based on customer demand.

Please feel free to leave a comment below with your experience using Google apps.

Stefan

Cordys Key Note Presentation

I had the pleasure to contribute a presentation to an extraordinary event in the Netherlands yesterday. A lot of innovation looking for its way to the market.

Download the presentation here: StefanRied-Forrester-Cordys.

Cheers

Stefan

Dear Software Vendors,

I’d like to point you to an short but excellent blog post of Roman Stanek, entrepreneur and currently founder and CEO of the SaaS BI vendor Gooddata:

Back in the old good days … We delivered bits on DVDs… Throwing software over the wall … that’s how we did it. Sometimes almost literally…

I now live in the SaaS world….… But there now seems to be a new way how to “throw software over the wall” again. Many software companies have repackaged their software as Amazon Machine Image (AMI) and relabeled them as SaaS or Cloud Computing.

There is obviously some value in offering prepackaged images, eg. for pre-integrated middleware stacks into development and test clouds. This is what IBM and others are offering. However if a software vendor simply takes a traditional software package, boils it down into an EC2 image and let the customer alone with it, we lost one of the most important accomplishments of the SaaS deployment approach. That’s what Roman’s words of caution are all about and I couldn’t agree more.

The EC2 image is a one time snapshot, like a DVD in old days. However, the real SaaS business application or a Platform as a Service (PaaS) is a consistently and ongoing maintained software availability – not a one time deployment.

Customers should therefore be very careful if vendors are simply talking about a cloud deployment. Ask for the real value and ongoing services. It looks like that a multi tenant stack like force.com can be maintained easier in many cases that a deployment of a single image per tenant, multiplied for thousands of tenants into an hypervised environment. Companies like vmware are heavily investing now to avoid the IT management overkill in such environments. Also IBM is aware of the challenge similar to vmware and enables their WebSphere cloudburst appliance to deal even with incremental changes in hypervisor images, while they are still missing to enable a multi tenancy on the higher level of their middleware stack.

That’s the reason why PaaS and SaaS goes much beyond of the value of an “simple” infrastructure as a service “IaaS”.

Stefan