I know I have discussed cloud computing in this column before,but the fact is it just won't go away. Every day I am inundatedwith news articles and calls from sales people telling me the cloudis where I need to be. I don't think I ever have seen such buzzaround a technology that has so little to show for itself. Thelatest report I saw predicts cloud computing will grow 27 percent ayear for the next four years–from $370 million in 2009 to $1.2billion in 2014. Twenty-seven percent sounds very impressive (Iwould be very happy with a 27 percent increase in my base pay). Iwould not be impressed with a 27 percent increase in the amount ofmoney I saved this year (that would put my 2009 nest egg at about$127). I also am not blown away by $1.2 billion annual investmentin the cloud by 2014. The total IT spend is estimated to be about$2.7 trillion in 2009. That means cloud computing represents 0.137percent of the total IT spend in 2009. Not bad but notmind-boggling.

A Conundrum

There apparently is not a direct relationship between the hypeabout cloud computing and the actual dollars spent on it. I wouldlike to talk a little about that disconnect and possible reasonsfor it. First, let's define what we mean by “the cloud.” There arevery wide ranges of offerings that define the cloud fromready-to-use Software as a Service (SaaS) offerings, such asSales-Force.com, to bare-bones, virtualized Linux servers, ready tobe configured and built out any way you want. Between those twoextremes are a host of other offerings: storage as a service,database as a service, application as a service, etc. For ourpurposes, we will take a fairly common definition of cloudcomputing and define it as any IT service that is accessed in realtime over the Internet. I could qualify this further by adding itis a pay-as-you-go or subscription-based IT service, but strictlyspeaking, that is not accurate, as many cloud offerings are free–atleast for the consumer.

Why haven't businesses jumped all over the cloud? All thingsbeing equal, a cloud suite of applications will cost less percorporate user than individually installed and licensedapplications. Google Apps Premier Editions is available for $50 peryear per user. (Let's not argue about the exact price. Google,Microsoft, and others have become very aggressive in their pricingand certainly are less than the annualized, amortized cost oflocally installed applications and their required server-sidecomponents.) It is only good business sense to maximize the returnon dollars spent, and that applies to IT as well as business units.So, we should move to the cloud–right? Am I missing something?

Aha!

The bottom line is the bottom line apparently is not always thebest way to make a business decision. I began a key sentence in thepreceding paragraph with “All things being equal.” And there's therub: All things are not equal. There simply are too many “features”of cloud computing that make corporate users shy away. The negative(perceived or real) compromises one now must make for the cloudoutweigh the benefits for most potential customers.

First

Corporate IT is by its very nature highly conservative andunwilling to relinquish any control it now has over existingprocesses and procedures. Consider the data center. I have been inworld-class hosted data centers. I mean data centers with multipleredundant Internet connections, redundant electric grids, backuppower supplies, chill units, and 24×7 handholding. Some even are“bomb-proof.” These are very cool facilities. Nevertheless, mostcorporate IT departments make the decision to host their own datacenter. They usually are not as reliable or protected as a remotehosted facility, but they are on premises or at least in a companybuilding.

I got over the need to touch and feel a server about 10 yearsago, but most of corporate IT hasn't. There is something about allthose cables and flashing lights that make IT managers drool.Seriously, there is a real reason for the reticence to allowservers and their data off premises or off site. A majorresponsibility of any IT manager, director, or CIO is to maintainthe safety and integrity of corporate data. A few years ago, I wasin Connecticut at the corporate headquarters of a major insurancecarrier. I was there to install an application we had sold thecompany for its corporate intranet. The server we were going to usefor proof of concept/staging was a big, ugly box sitting next to adesk in the IT cube farm. I sat down and placed my fingers on thekeyboard to begin the process of installing the application. Myhands immediately were jerked away from the keyboard, and I wastold, in no uncertain terms, I did not have permission to touch anycorporate IT resources.

Consider that I had a signed non-disclosure agreement, and I wasa trusted person who provided services for this firm for a numberof years prior to this moment. Needless to say, this firm will notbe rushing to move to the cloud. Many IT departments are based oncontrol–and control does not work well in the cloud.

Second

It isn't just resistance to change we are discussing. There arevalid concerns. Every organization has unique proprietary data thatis essential to the continued operation of the company. Coca-Colais not going to upload the “formula” for Coke to a cloud file shareor collaboration site. Boeing is not going to store thespecifications and CAD files for the 787 on the cloud. I am notgoing to keep copies of my personal tax returns on my free storageon Google Apps. I won't not because I believe Eric Schmidt wants tosee how much money I made last year or how much I reported to theIRS but because the Internet is a very unsecure environment.

Last month, my wife got a call from folks at her credit cardcompany. There were some small iTunes purchases they were curiousabout. My wife doesn't own an iPod or iPhone (I do, and it wasn'tme). Someone had snatched her credit card information (includingthe CCV code) from some online purchase she made. Someone even hadpurchased a snow blower and charged it to her card (we live inAtlanta where snow blowers are not useful). The snow blower passedthe credit card companies scrutiny as did a large charge for a newmotorcycle for me (thank you, Nancy).

Fortunately, credit card companies know when thieves steal cardcredentials, they first test them out with small purchases atplaces such as iTunes. I suspect once the credentials arevalidated, the information then is sold to other parties who do thereal damage. I also understand chances are her card informationactually wasn't snatched during an SSL exchange over the Internet.Chances are an employee of some firm she did business with stole,tested, and sold her credit card information. But SSL isn't allthat secure from dedicated hackers, and the nefarious employeescenario is valid with any organization. Once I trust my data to athird party, I implicitly trust all of the third party's employeeswho may have access to that data. The upshot is there is no goodbusiness scenario in which it makes sense to keep sensitive andimportant information anywhere but on premises. This is the single,biggest hurdle cloud computing must conquer, and it is one that isnot likely to be conquered in the immediate future.

Third

How much control do you require over your IT environment? Isyour business dependent upon custom applications? Do you currentlywork with development, QA, staging, and production environments? Doyou have a rigorous process for testing, training, and UAT? If so,how are you going to manage that with the cloud?

These questions raise some very interesting scenarios. The cloudlargely is dependent on virtualization. Cloud service providerstypically do not give anyone their own dedicated physical machine.If you contract for a particular platform on the cloud, you aregoing to be provided with a Virtual Slice–a virtual server built onVMware of Hyper-V or something similar.

Although it is not typically “allowed,” you theoretically coulddesign, build, and test your application on your development, QA,and staging servers and then package the whole thing up as avirtual image that then could be deployed on the cloud. And whywould you want to do that? I am not sure. After doing UAT locally,you are going to need to do it all over again on the cloud. If itis a real application, it is going to require a database, and thatmeans cloud storage as a service as well as the additional platformfor the database. Cloud service providers do offer “database as aservice,” but the terms are a little fuzzy. The ones I have lookedat are a little unclear. Do you really get your own dedicateddatabase server and storage, or are you sharing it with Larry theBail Bondsman? Call me paranoid. Or call me cautious.

Fourth

Maybe I have been a little harsh on cloud computing. Maybe not.However, there may be legitimate reasons to embrace the cloud.Consider a small to medium-size insurance agency, an MGA orindependent, with 50 employees. It has online applications it usesto quote and write policies but is too small to have more than arudimentary IT department. The agency may have a domain controllerand a file store server and may be running its own mail server. Butit can't even afford a full-time employee to manage its meager ITdepartment. The cloud may be an ideal solution for parts of its ITstructure. It could maintain its secure internal network forsharing data within the agency. It can continue to use thatinternal network to provide access to the various quoting andpolicy managing applications it uses. The cloud offers anorganization such as the one described above the ability tofunction like a much larger organization.

For relatively modest fees, small organizations can move theirmail services to the cloud. If they desire, they also can usecloud-based office productivity software. They can create a companyintranet for information sharing and collaboration. They even canleverage their cloud services to provide a platform and hosting foran Internet site. And those are valid use cases for cloudcomputing.

Finally

Big players–Microsoft, Google, IBM, and others–have investedfortunes on their cloud offerings, and they are not going to goaway. My information tells me the big guys lost a lot of money onthe cloud last year and are going to lose even more this year. Andthat just has served to make them more determined to make thiswhole cloud thing work. I don't believe corporate America is readyfor the cloud. I know a few big organizations have bought into thecloud, but I suspect they simply were made an offer they couldn'trefuse. Organizations without enough revenue to support a real ITdepartment and ma-and-pa businesses will find real value in thecloud. For the rest of us, I don't think the cloud is ready forprime time. Let's circle back next January and see how the cloud isdoing.

Please address comments, complaints, and suggestions to theauthor at [email protected].