Cutting through the Public Cloud - How Kiwi IT managers can separate fact from fiction
- 02 March, 2016 17:44
Russell Craig - National Technology Officer, Microsoft New Zealand
“You’re not moving from nirvana, and that’s an important concept to understand,” says Mike Clarke - Head of CIO Advisory Practice, KPMG New Zealand.
Straightforward in delivery but hard-hitting in its relevance and appeal, Clarke’s simplified analysis of Public Cloud migration offers perspective amidst a complex world, a world in which IT managers are watching, waiting and exploring cloud strategies and plans.
Observed during an engaging Computerworld Question Time - The Future of Public Cloud panel discussion in Auckland, Clarke’s comments to IT professionals across New Zealand come at a time when over half of global enterprises are moving towards Public Cloud services, with 54 percent of businesses contributing to a market now poised to reached $133 billion by 2018.
Yet despite adoption growing at a healthy rate, cloud computing in its wider form remains uniquely susceptible to the perils of myths due to the nature, confusion and hype surrounding it.
But as discussed on a panel consisting of Mike Clarke - Head of CIO Advisory Practice, KPMG New Zealand; Kelly McFadzien - Partner, Chapman Tripp and Russell Craig - National Technology Officer, Microsoft New Zealand, such myths hamper progress, impede innovation and induce fear, thus distracting from real progress and outcomes.
While painting the Public Cloud in a wall of positivity would be inaccurate and irresponsible, even with the industry mostly agreed on a formal definition, multiple perspectives and agendas still conspire to mystify the subject ever more.
“I’m of the opinion that cloud consumption is still a relatively new concept, and on the whole the industry is still maturing,” Craig says.
As Craig explains, adoption differs depending on certain segments of the New Zealand economy.
Specific to Microsoft in New Zealand, small-medium businesses are leading the world when it comes to Office 365 adoption, with the company adding one percent market share per month, building on its 15 percent base.
“Or take enterprise as an example,” adds Craig, “we’re seeing rapidly rising rates of adoption from our commercial customers.”
With Government, Craig cites a number of local considerations that many Government agencies are currently working through with regards to policy, alluding to “lots of flux and change” in the market.
“But the direction of travel remains clear,” he qualifies, “from the Government’s perspective in New Zealand, they are adopting more cloud services.”
Backed up by research analyst firm Gartner, Government agencies now believe Public Cloud offers the “scalability, computing power, storage and security” to better enable digital government platforms and meet rising expectations for performance and value.
But Government aside, Craig believes traction is evident across a range of verticals and industries, ranging from financial services, healthcare and manufacturing.
“I think we’re coming to the end of the early adopter phase"
“What is encouraging for New Zealand is that businesses are now possessing a global ambition from day one, and they see cloud as the platform they need to deliver this,” he adds.
“Cloud provides the scale and reach that businesses could otherwise never hope to achieve and that’s an important phenomenon to consider, and explains why cloud is prevalent across all industries.”
Within those sectors sits four types of organisations - as explained by the RightScale State of the Cloud report - allowing IT managers to benchmark cloud progress accordingly.
Are you a Cloud Watcher? Currently developing cloud strategies and plans.
Are you a Cloud Beginner? Working on proof-of-concepts or initial cloud projects.
Are you a Cloud Explorer? Deploying multiple projects and applications in the cloud.
Or are you Cloud Focused? Heavily using cloud infrastructure.
“I think we’re coming to the end of the early adopter phase,” comments Clarke, drawing on seven years experience as CIO of SkyCity in New Zealand. “I think we’re now entering mass adoption.
“Cloud services and toolsets have matured enormously over the past three to four years and the market is flooded with lots of references and examples, both locally and globally.
“Now we’ve got the referenceability factor I think organisations are becoming more open to moving to the cloud sooner. In New Zealand, and overseas, that’s reflected in the growing interest of Public Cloud.”
From large end enterprise players to SMEs, Clarke says cloud adoption is happening irrespective of company size and scale, challenging the misconception that cloud is a big game move, played out at the highest level of business.
Nationwide, SMEs represent around 97 percent of businesses in New Zealand, with almost 70 percent single-worker businesses - spanning every industry in the country.
In capturing the SME cloud momentum on a global scale, BCSG Research shows that nearly two-thirds (64 percent) of small business owners already have an average of three cloud solutions in place - opening the door to new ways of consuming IT.
“SMEs are utilising the software-as-a-service model because it represents easy levels of adoption, compared to platform or infrastructure-as-a-service which is more aligned to enterprise and Government,” Clarke observes. “That’s how SMEs are consuming cloud services.”
From a legal standpoint, McFadzien - who advises large New Zealand and overseas vendors and customers about cloud computing - believes the type of company seeking cloud advice varies, making it impossible to define a cloud type company.
“It’s far and wide,” she admits. “Most businesses seeking legal advice are trying to figure out what, if any, are the legal barriers when moving to the cloud.
“Will moving to cloud impact a particular business or type of application? And if so, what are the key issues?
“But among the questions, privacy and data protection continues to be a key issue from a business perspective in New Zealand, and that also applies across the board.
“For small businesses, there is a need to understand where the issues lie and what risks are involved when moving to the cloud. Businesses want to know from a regulatory perspective, where their risk is sitting.”
With regards to cloud, analysts are united in the belief that one topic dwarfs all others to the point it has become the context for almost everything else: security.
Unsurprisingly, the art of securing the enterprise remains a complex task, and a chief concern for businesses pursing cloud ventures.
Yet as Craig questions, are such reservations based on a trust issue, or reasonable analyst of actual security capabilities?
Research suggests that to date, there have been very few security breaches in the Public Cloud with most attacks continuing to involve on premise data centre environments.
While the attacks on Apple’s iCloud website in 2014 made the headlines across the world - playing into the narrative of cloud being an unhinged platform - Craig says businesses are now realising that security sitting outside of the IT department should be considered an unacceptable or unmanageable risk.
“I spend about 60 percent of my time working with customers from both the public and private sectors helping to unpack the misconceptions around cloud,” he adds.
For Craig, it’s a process that involves many lines of questioning; “What should businesses be thinking about? What are the nature of the risks? What are the security and privacy considerations?”
But perhaps crucially, Craig believes it’s important that businesses understand the risks they are currently exposed, before jumping to the wrong cloud conclusions.
“It’s wrong to assume that the current situation is one where risk is properly understood and properly mitigated,” he warns.
Yet despite vendor assurances, organisations remain bound by news that cybercrime is a constantly evolving and ever-increasing challenge for business today, costing upwards of $450 billion per year, impacting 12 people online per second.
Despite being several years into the cloud computing paradigm shift, the market continues to be suffocated by an air of agitation and anxiety - endorsed by a rising tide of information security investment, with spending forecast to reach $75.4 billion in 2015, an increase of 4.7 percent over 2014.
“There’s a range of cloud providers and a range different services available in the market but it goes back maturity,” adds Clarke, who believes the “glaring issues” of the cloud are no longer relevant in 2016. “Due diligence is always required but companies are not moving from nirvana, and neither are they moving towards it.
“Businesses must be realistic about the security risks they accept on a day-to-day basis today, and what they will accept on a day-to-day basis tomorrow.”
Echoing Clarke’s comments, Craig believes IT managers must display a “conscious understanding” regarding what their business is leaving behind when moving to the cloud, and subsequently, where they are heading to.
“How do these risks substitute for one another? And how can this risk be effectively mitigated?”
Throughout boardrooms and IT departments in New Zealand, security and privacy are often mentioned in the same breath.
“Moving to the cloud boils down to trust, control and transparency"
For Craig however - in assessing the cloud landscape in New Zealand - privacy is moving up the command chain, playing a pivotal role in the decision making processes of organisations contemplating the cloud.
But as Craig observes, irrespective of the herculean efforts cloud providers make to secure environments and provide privacy assurances, will companies ever be willing to trust?
“It boils down to control,” he claims. “If you’re a business and you’re shifting your entire workload to the cloud, that’s wonderful but you think you’re losing control. Then the conversation progress to no, you’re actually not losing control.
“Rather, you’re gaining much greater control through what the service provider puts into your hands and the commitments they make in terms of what they will and won’t do, and what rights you have as a customer.”
Often regarded as the elephant in the room of IT departments, it’s a common misconception that by moving to the skies, businesses are relinquishing all data control.
Alternatively, as Clarke queries, is the loss of cloud control a valid fear?
“When it comes to the operating model, you get efficiencies by turning things off,” he claims. “It’s very difficult in most organisations to put compute power into the data centre but it’s very easy to turn on more compute power in a cloud environment.
“The tools are available to maintain this control but what are raw processes you’re going to now put in place that were different to before?
“How are you going to measure what’s running on a regular basis to provide the flexibility to turn things off and make cost savings?”
In this post-Snowden era, most analysts subscribe to the notion that cloud, and all it encompasses, is not inherently less secure than legacy infrastructure.
Yet by delving deeper, Craig suggests that the most justified concern is not of privacy, or security, but one of trust.
“It’s about the cloud provider saying this is how we approach privacy, this is how we approach security and this is how we approach law enforcement requests for data access globally,” he adds.
“Here’s everything we can possibly tell you about how we operate without breaking the integrity of the cloud. And that’s essentially saying, trust us.”
Building trust in the cloud isn’t an overnight, flick of a switch action because anytime an organisation turns to outsourcing, there’s a transference of trust from an internal to external environment.
It’s a valid concern for IT managers, with Craig saying that Microsoft’s view is that trust needs to be earned and supported by its customers understanding what control they have in the cloud.
"As well as providing customers with control through our contracts, that control results from us being transparent about everything we do around security, how we enable privacy protection, what we do and do not do with their data and how we comply with international standards and government and industry regulatory requirements," he adds.
"Essentially It’s about being transparent with your customers about who you are, what you do and how you do it. From our perspective, moving to the cloud boils down to trust, control and transparency.”
Check back for the second part of this Computerworld Question Time - The Future of Public Cloud discussion on Monday March 7, as the focus turns to creating a valuable checklist for businesses moving to the Public Cloud.