What's the one thing all organizations have in common? They must identify new ways to grow revenue and expand their business to stay competitive.

Increasingly, organizations are using cloud computing and social networking to help them embrace new market opportunities.

Over the past several years cloud computing has matured to a point where it's considered a mainstream technology service. The benefits can seem endless. It helps to reduce IT costs, it's easy to set up, scales to your business' storage needs seamlessly, provides customers, partners and employees with remote access from anywhere at anytime, it's secure and security-rich. Expected to grow to more than $214 billion by 2020, cloud computing has become a catalyst for capturing new business value.

Similarly, social networking for business has exploded over the past several years. Forrester Research reports that the market opportunity for social enterprise apps is expected to grow at a rate of 61 percent through 2016, reaching $6.4 billion. Once viewed as a tool for students and teens to connect with one another, businesses are now adopting similar concepts to better connect their employees, partners and clients and to transform globally. These organizations are transforming into social business as every department, from HR to marketing to product development to customer service to sales, are using social networking the way they use any other tool and channel to do their job.

They're integrating social networking tools into traditional business processes to fundamentally impact how work gets done and to create business value. They're deepening customer relationships, generating new ideas faster, identifying expertise, enabling a more effective workforce and ultimately driving their bottom line.

Imagine what could happen if you were to marry cloud computing and social networking.

Many organizations, of all shapes, sizes and industry, are already doing so and creating significant business value.

For example, within the RICOH Company, Ltd., an international supplier of office and industrial equipment, the Business Development Center is collaborating in the cloud creating products faster with an expected improvement in cycle time for new product introduction of 20 percent. Chefs at Newly Weds Foods, a world leader in food ingredient technology, have reduced department travel and meeting costs by 10 percent. Strategic Decisions Group (SDG), an international strategy consulting firm, has also achieved more than 60 percent cost reduction in their Asia Pacific e-mail system costs, all thanks to using cloud services.

Colleagues in Care' Global Healthcare Network (CIC) is using social networking tools in the cloud to virtually connect medical workers and volunteers from around the globe. Using this technology, the volunteers and those on the front lines taking care of patients are armed with an online medical knowledge system that includes treatment options, clinical pathways, and best practices specific to the situation in Haiti. For example, doctors on the ground in Haiti now have immediate access to information. Previously, a healthcare worker typically had no access to a specialist to consult about a specific medical condition. They can now immediately determine how to best care for a patient directly in front of them, at the same time collaborating with colleagues to determine more population-based strategies of effective care.

Colleagues In Care is using IBM cloud-based social analytics and collaboration services to provide their global network of healthcare volunteers with immediate access to critical data and information for the current healthcare needs of the Haitian citizens.

Organizations like Colleagues in Care, Neiman Marcus, University of Texas El Paso (UTEP), Strategic Decisions Group (SDG), Hindustan Motors, Bonduelle and Apave have chosen the cloud to help drive social business adoption across the enterprise. These organizaions are seamlessly collaborating, sharing information and ideas, resulting in increased efficiency, improved productivity and in the case of CIC changing the very fabric of healthcare delivery in an areas devastated by earthquake.

Social and cloud are opportunities that organizations are realizing can't be missed, they're becoming must-haves that businesses can't ignore. Have you taken advantage?

A small healthcare provider decides to put patient records on the cloud while ensuring that they are HIPAA compliant. A regional bank turns to a managed services approach to host mobile applications and platforms so the bank can create new channels to engage consumers who expect to access their bank information with a few taps of a finger.

No matter how you look at, it's the cloud that is driving the way information and technology is being consumed -- changing the way we work.

Businesses -- driven by consumers -- expect their data to be open, accessible and easily moved between different programs. If somebody wants to connect their customer information to their sales analytics application and have that insight sent to their mobile device -- they don't see why they shouldn't be able to.

The convenience of cloud applications has become so common that we almost take it for granted. Basic email and other cloud applications are used everywhere from small to large businesses around the world. Mobile technology has also tethered us to the cloud in ways that were unimaginable a few years ago.

Increasing Confidence in the Cloud

Today, the cloud levels the playing field for SMBs, helping them compete in today's quickly changing business environment, by spending less time and money on IT and more time focused on their most important priority -- growing their businesses.

While SMBs have expressed their security concerns in the past, they are seeing advances in this space that are changing perceptions and increasing receptivity.

No doubt, security is complex area. But it's specifically difficult for small businesses to keep up with ever-changing and increasing security threats especially when they typically have a small IT staff to focus on it.

Now, SMBs are seeing steps taken to deliver enterprise-level high availability and security to protect their most precious assets -- customer information, intellectual property and most importantly their brand -- in the cloud. This is dramatically shifting the way they think about the cloud with security in the same sentence.

And this increasing confidence in the cloud is opening up new opportunities for many SMBs to use new technologies such as mobile and social channels to better compete and enter into new markets and identify new customers. In fact, according to AMI, SMBs in the United States will spend more than $49 billion on cloud services in 2015, nearly double the size of the market today.

And as mobility will continue to gain in popularity, the demand for smartphone technology and mobile computing platforms on the cloud is only going to increase. In fact, by 2015, nearly three-quarters of the internet-capable devices will be Post-PC devices, (smartphones and tablets). Many SMBs are looking to these devices to enhance the way they to do business such as using a free downloadable mobile app to brainstorm, exchange ideas and collect feedback on client accounts in real time -- the key piece to help win new business.

Whether it's data, mobile or network, security will always be one of the top priorities for any SMB. So how can SMBs maintain a level of control over access to apps and data that they expect behind their own firewall? Seamless integration that connects users and cloud apps to manage access control, auditing and authentication will be key.

So with that said, SMBs will be looking to managed service providers to help them seize this opportunity that cloud can bring, delivering the enterprise level capabilities SMBs never had access to before -- helping to accelerate the cloud adoption for this business segment.

As many SMBs are under intense pressure to build their businesses, reduce costs, eliminate inefficiencies, the one thing they can feel confident about is how the cloud will open the doors to new opportunities and remove the barriers that once prevented them to get on to the path of innovation and growth.

The cloud breaks down barriers to computing power that was once only available to a select few. As more and more businesses explore the benefits of cloud computing, revolutionary innovations are happening across a wide range of industries.

The IBM Smart Cloud is transforming industries as diverse as healthcare, energy, government, and filmmaking. These cloud computing case studies help to illustrate the tremendous power and opportunity of the Smart Cloud.

The phrase "cloud computing" has moved beyond the vocabulary of a company's chief technology officer and is now a part of everyone's vocabulary. Even if people disagree on the exact definition, millions have been quick to grasp the benefits of cloud.

Millions of consumers using the cloud - whether knowingly or not - created a ripple effect in the business world. Suddenly, computing power became available anytime and anywhere, and people were used to having instant access to their favorite websites and media. They could use Gmail and Hotmail or Flickr for photos, or buy tickets to a movie or to the theater from their Smartphone. This anytime, anywhere access to computing power also permeated the business world. Start ups and small businesses - faced with very tight budgets - embraced the idea that the cloud would allow them to focus on creating real businesses in months rather than years, without having to build expensive, complex data centers. Larger businesses and governments recognized the advantages of cloud, namely the ability to provide more computing power without having to buy more hardware and software. Many took a conservative approach at first, creating private clouds that did not need to be shared with other companies to use their existing computing capabilities more efficiently. Cloud was not just advantageous in terms of making the most of resources and money; it was a "game changer" in terms of competitive advantage.

Cloud computing involves storing information and doing data processing in remote data centers where servers are used for many different jobs, depending on need. In the past, most servers were dedicated to a particular task, and companies had to buy new computers every time they started up a new service. Many enterprises have enough data processing work to justify operating their own private clouds, but increasingly government agencies and corporate giants are signing up to do some of their computing in public clouds operated by companies like Amazon, Microsoft and IBM.

The faster delivery of better products and services is now necessary to take on competition and meet demanding customers and shareholders. Customer executives and managers at long-established companies are discovering that cloud computing can give them a way to run their businesses or their supply chains more efficiently. Some are creating new lines of business or providing customers better service. And new research by IBM finds that 41% of them think it will have had a significant impact by 2015.

This capability is leading to a real change in the way organizations manage customer and industry relationships. For example:

- The flexibility of the cloud comes into play with seasonal events, such as The US Open tennis tournament. It harnesses the cloud to provide the latest stats, schedules, Twitter feeds, video streams and data graphics to both fans and broadcasters--as demand for resources skyrockets during the tournament.

- Cloud improves the way companies operate internally. Panasonic, the consumer electronics giant, decided to use cloud-based email and communications to replace local servers. It concluded that it could use the cloud to roll out worldwide collaboration, conferencing and file-sharing without big new capital investments.

- Cloud makes it possible for companies to provide services to customers much faster. China Telecom is selling customers new Smartphone applications in as little as three days after they are built and tested, compared to three weeks in the past. And companies worldwide expect this impact will increase rapidly, according to a recent survey by IBM. Business and IT managers stated that by 2015, more than half of those relationships will be driven by cloud capabilities.

- Cloud computing also provides a way for different companies to use the data to put products on shelves. True Value, the hardware chain, uses software in a cloud to pull together information from suppliers, freight forwarders and its 5,000 stores. Since implementing the system, it has reduced back orders by 85%.

What is new about cloud is what it allows everyone to achieve. Cloud is changing the way all of us- from our personal life to our work life - use and consume technology. And enterprises can and are applying the transformative power of cloud computing to reinvent the way they do business and improve economics to capture new business value.

To learn more on how Cloud can reinvent your business, click here.

Follow IBM Cloud's blog and Twitter.

When we start building something, it is easy to forget about the real purpose of the thing we are building in the first place; whether it be mobile app, a birthday cake or a data centre. As a creator of an item we can become focused on fulfilling our own vision rather than remembering that we are really architects of someone else's dreams and needs.

Simply put, a beautiful cake that tastes terrible isn't going to be eaten. Equally, a data center that has state of the art cooling-- but when faced with real life workloads fails to deliver on cost -- latency and the ability to manage risk will be holding back the business and soon prove that IT is keen on being on the cutting edge rather than looking at the bottom line. Paying attention to the blueprints is all well and good but we could all spend a bit more time looking at the people that will use our systems, understanding what they really need.

Deliver on what we promised: agility, cost & risk

This may seem like I'm stating the obvious, because it is, but far too many of us have been guilty of focusing on the manufacture. Those that get the balance right and make sure the CFO gets the accounts balanced in a couple days rather than 3 weeks, make a substantial contribution to their own careers, not just the organisations they work for.

When looking to move workload to cloud environments, most Chief Information Officers will say that security is the number one concern. To address those concerns, IT organizations must consider several aspects of security to ensure they do not put their organizations at risk as they explore cloud computing. Some of these concerns regarding security have to do with what the cloud provider's service and operational procedures, and other concerns, have to do with new processes that must be considered, and that did not have to be considered before in the traditional IT model.

To provide effective security for a cloud environment, both the cloud provider and consumer must partner to provide solutions to the following security concerns:

1) Governance and Enterprise Risk Management - The ability of an organization to govern and measure enterprise risk that is introduced by cloud computing. This concern includes items such as legal precedence for agreement breaches, ability of user organizations to adequately assess risk of a cloud provider, responsibility to protect sensitive data when both user and provider may be at fault

2) Compliance and Audit - Maintaining and proving compliance when using cloud computing. Issues involve evaluating how cloud computing affects compliance with internal security policies, and also various compliance requirements.

3) Application Security - Securing application software that is running on or being developed in the cloud. This concern includes items such as whether it is appropriate to migrate or design an application to run in the cloud.

4) Encryption and Key Management - Identifying proper encryption usage and scalable key management. This concern addresses access controls of both access to resources and for protecting data.

5) Identity and Access Management - Managing identities and leveraging directory services to provide access control. The focus is on issues that are encountered when extending an organization's identity into the cloud.

Although, Governance and Enterprise Risk Management are existing functions within most IT organizations, cloud computing introduces several unique challenges around this topic. Part of the responsibilities are that of the cloud provider, and other components are that of the consumer to ensure that the overall solution that is being leveraged meets the governance and Enterprise Risk Management standards of the organization. For example, in the IBM SmartCloud Enterprise offering, IBM requires its customers to secure the application and operating system that is being used, although IBM does provide a base operating system image with basic security configurations.

In addition, most organizations are bound by some form of security compliance guidelines. These guidelines and regulations do not change when moving a workload into the cloud environment. Therefore, consumers of cloud must look at their existing compliance and audit guidelines to ensure that the workloads they move to the cloud still comply with the guidelines by which their organizations are bound. Also, consumers must ensure that any audit requirements can still be met even though the workload has been moved into a cloud environment.

Securing application software that is running or being developed in the cloud is another consideration for security. Standard application security might need to be changed or enhanced based on a cloud provider's environment or customer requirements. Encryption and Key Management becomes critical when moving a workload to the cloud. Using encryption and a scalable key management solution must be considered when leveraging cloud solutions. For example, IBM SmartCloud Enterprise provides a robust key management system for secure access to all Linux compute resources.

Finally, Identity and Access Management is critical to the success of cloud solutions. This ensures only authenticated and authorized individuals get access to the correct components of the workloads that are hosted in cloud solutions. Solutions such as Tivoli® Access Manager with its WebSEAL reverse proxy can help with the authorization of individuals; solutions such as Tivoli Identity Manager can help with the authentication of users.

Summary

When addressing security in a cloud environment, consider five key areas to help ensure that your cloud provider and you as consumers of cloud are creating a cloud solution that meets the business needs. It is critical to consider the governance and enterprise risk aspects of cloud computing along with the compliance and audit implications to the organization. In addition, application security concerns such as encryption, key management, and identity and access management must be addressed to ensure security risks are mitigated in a cloud environment. Although many of these disciplines exist in traditional IT, many of the disciplines must be reviewed when you move workload to a cloud environment.

How can moving to a cloud computing environment help your business? And what is the future potential of cloud computing? IBM cloud computing executives, Ric Telford, Maria Azua, and Erich Clementi, share their vision for cloud computing in this short round table discussion.

Watch to hear more about using cloud computing to:

-.Facilitate data intensive collaborative work.
- Establish enterprise level production with tailored service level agreements and open standards.
- Protect your data with high-caliber security services.
- Take advantage of higher levels of connectivity and cutting edge applications for business transformation.

Cloud computing has gotten enormous coverage lately, with claims for benefits that may or may not be realized. The cloud does not enable a wired and informed electorate; that comes from online services and Internet linkages, whether they are hosted in the cloud or in the government's own infrastructure. The cloud does not provide 100% uptime and availability of packages and data; the net will stay up, but a vendor can still go down, can still be hacked through a denial of service attack, and can still provide faulty data or faulty applications. Senior executives, politicians, and CIOs with corporate government agency responsibilities, need to know what the cloud is and is not, and what it can and cannot promise. They need to understand the risks and the rewards, in order to use it safely and effectively, and in order to contract cloud services safely and at a fair price.

Essentially, cloud computing is an extreme form of outsourcing, one in which hardware ownership and operation, software version updating, data storage and backup, and occasionally other functions as well, are all outsourced to a singe vendor. Moreover, hardware is generally located at the cloud vendor site, where massive racks of servers and farms of storage devices process the applications and maintain the data of huge numbers of users to achieve efficient operation. Since the data and the programs are located "somewhere" in the apparently nebulous structure of the web and accessed remotely through the Internet, this form of shared remotely hosted service is called cloud computing.

Seen as a form of outsourcing, cloud computing offers a well-defined set of benefits; these are the benefits that are traditionally associated with outsourcing, and most are well known and well studied. The first of course are associated with economies of scale: (1) a large vendor will make much more efficient use of personnel, and (2) a large vendor sees much less variation day by day in demand than each individual user will encounter and therefore can do more effective load leveling and will require less excess capacity or "safety stock" in computing resources. As a result, a large vendor can charge for actual usage, allowing those users with high demand at a given time to consume unusually high levels of resources and pay higher total fees, while allowing users with lower demand to consume fewer resources and to pay lower fees. (3) Economies of scale also allow large vendors, whether cloud-based or not, to perform more R&D than smaller users could perform.

There are several of benefits to modern online computing that are wrongly lumped with cloud computing, like online access from any location, social networking, community outreach, and ubiquitous connectivity. These are more accurately attributed to remote web-based access, and indeed are not inextricably linked to the cloud. The cloud is an outsourcing service delivery mechanism, and the web is the medium for delivery.¹

As an extreme form of outsourcing, cloud computing has the risks that are traditionally associated with outsourcing. Indeed, since cloud computing is an extreme form of outsourcing, which moves data storage and backup, ownership of all facilities, and all aspects of facilities management to a single vendor, its risks are somewhat exacerbated compared to other forms of outsourcing or facilities management. In a sense this may not appear to be very different from the timesharing model of computing that was prevalent in the late 1960s and early 1970s, except that in the era of timesharing we tended to use shared remote facilities to run ad hoc analyses, while now we use the cloud to run operational software that controls every aspect of an organization, from product scheduling, inventory control and vendor management to sales and customer support and relationship management. Thus, while cloud computing may be just another form of shared facilities outsourcing, its risks may be more extreme than the risks of earlier forms of outsourcing.

The risks of outsourcing are well-known and well-studied. These risks include:

1. Shirking, or the principal-agent problem, which is deliberate underperformance while claiming full payment when the client cannot verify the vendor's effort or service levels
2. Poaching, which is the deliberate misuse of the client's data, software, or intellectual property in ways that benefit the vendor while damaging the client, when the client cannot detect this misuse
3. Opportunistic Renegotiation, or vendor holdup, which occurs in the presence of high switching costs, economic lock-in, and strategic dependence upon a single vendor

Why is the cloud emerging now?

Each of the pieces required for cloud computing has been around for some time, so why is the cloud emerging only now?

1. While cheap computing hardware is not new, we now see almost total standardization of the entire stack of hardware computing resources. The Intel X86 architecture is emerging as the chip of choice for everything from laptops to mainframes. We are standardizing on a small set of server operating systems, usually either Windows-based or Unix-based. There is a small set of virtualization hypervisors, which allocate jobs to servers whether in a large data center or in the cloud. There is even a growing set of largely standardized to enterprise applications, from office functions to ERP systems and vendor and customer management.


2. Paradoxically, the decrease in hardware cost is driving data center consolidation. The non-hardware costs, especially systems administration personnel costs, greatly dominate the cost of hardware acquisition. Scale in systems administration personnel may represent the greatest cost advantage of cloud computing. Small and medium enterprises will be the greatest beneficiaries of this consolidation; in a small shop one sys admin may manage 50 servers, but with the move to cloud computing even SMEs can now share in the vendors' sys admin ratio of 1 per 150,000 servers, or even in the ratio of 1 per 1.5 million that some vendors hope to achieve. SMEs may adopt the best practices of the cloud vendors, but without sufficient size they can never obtain the economies of scale in automation of automation, that is, in automation of systems administration.


3. Rapid response to changing demand is the greatest cloud innovation, providing both the ability to scale back resource payments when the demand for them decreases, and most importantly the ability to burst overflow demand into the cloud when demand increases. While in some sense this is not so different from time-sharing, enterprises can now handle bursts in demand for core services, not just for analytics. Again, since small enterprises usually encounter wider fluctuation in demand, SMEs will be the greatest beneficiaries.


4. And, with dedicated sys admin personnel supported by automated sys admin services, cloud vendors will be able to offer much more reliable backup, software release management, etc. Once again, the greatest beneficiaries will be SMEs.

Risks of cloud computing

While the risks of cloud-based outsourcing remain shirking, poaching, and opportunistic renegotiation, as with all outsourcing, the forms taken in cloud-sourcing are slightly different.

Shirking can have several forms.

1. The vendor may fail to invest in sufficient peak load excess capacity -- Unique to the cloud is the risk that the vendor may not have invested in sufficient excess capacity for worst-case peak loads. We have learned how to cope with overwhelming and correlated peak demand, like the demand for holiday travel. No private company has invested in sufficient capacity for us all to book rail or air travel for American Thanksgiving weekend; we know this and we stagger our travel schedules accordingly. And yet, customers expect to be able to burst excess demand for computing services into the cloud; peak demand is, once again, likely to be correlated and likely to be overwhelming. Demand for services in the days leading up to Christmas is likely to overwhelm not only the resources of many firms in hospitality and retailing, but their cloud vendors as well. Likewise, enthusiasts of cloud-sourced government computing should remember that April 15 is tax day in many countries, not just the US, and last minute filers might produce correlated demand spikes and again overwhelm vendors. Vendors may be tempted not to provide the full computing resources needed for peak capacity; this underinvestment will be difficult to detect until service quality actually does degrade and is likely to catch many firms unprepared.


2. The vendor may not make adequate investments in security and in security monitoring -- How thoroughly will data be protected? How quickly will security breaches be detected and how quickly will clients be notified? Delay in notification of identity theft can be catastrophic. Again, this underinvestment will be difficult to detect until it actually has become a problem.

Poaching will be extremely difficult to monitor and detect, and therefore extremely difficult to limit should vendors choose to violate their ethical and legal obligations. This, combined with the potential for shirking security responsibilities, explains why security always features so prominently among clients' lists of concerns with cloud computing. These problems are not unique to the cloud, but the extended chain of custody, from the vendor, through the net, to the client, may make it more difficult to establish the source of leakage conclusively.

1. The vendor may performing data mining in aggregate to learn the characteristics of a clients' own customers, products, or order flow; while some data mining may be benign or harmless, and the vendor may grant itself some rights to data mining in the terms of the contract, it is not always clear what data mining is being performed, how it will benefit the vendor, or how it will affect the client


2. The vendor may profit from leakage of small amounts of critical, sensitive, or private information about a client, its personnel, or its customers; this is specific and identifiable individual data, not aggregate statistics resulting from data mining.


3. The vendor may even profit from the leakage of critical business plans to the vendor if the vendor seeks to compete in the client's business (which some might call theft of IP rather than leakage), or more likely to the vendor's other clients. Remember, poaching is the misuse of information provided for one purpose but used for another in a way that harms the client; surely the client was aware that the vendor was handling its data, but surely the client did not expect this information to be used by the vendor or others in a way that competes directly with the client's core business.²

Opportunistic Renegotiation can again come in several forms:

1. The first form of vendor hold-up actually comes from platforms that are uniquely innovative, resulting in a true source of vendor competitive advantage. If the vendor offers unique software (software as a service) that is not yet available elsewhere, or offers a superior development platform (platform as a service), then the vendor's innovation may make it more difficult to justify leaving. This is economic lock-in, not absolute lock-in.³ Although the client won't leave the vendor, this is because the client doesn't want to do so and not because the client can't; the client is not strictly trapped, and if the vendor's prices subsequently became too high leaving would be both possible and economically attractive. In some sense the vendor's superior development platform can be viewed as a platform for rapid prototyping, and the client can always move your systems to another platform if and when it decides that it makes sense to do so.


2. Ecosystem holdup will occur if a large number of the client communicates with a large number of its customers or its suppliers through a single cloud vendor, suing the vendor's equivalent of a proprietary commercial social networking service or commercial instant messaging service. This similarly turns out to be a manageable problem, as long as the client can maintain a small presence in the vendor's network, operated as a data embassy for communicating with other members of the cloud vendor's social ecosystem.


3. The data hostage problem is truly the most dangerous source of client vulnerability, and therefore the most likely source of true or absolute lock-in. If necessary a client can rewrite all of its applications over time if it choose to leave an abusive vendor, but the client cannot regenerate the history of all online interactions. A client cannot leave a vendor without its history as represented by its data, because it cannot operate without its data; loss of data would result in total corporate amnesia, and in many cases in total corporate paralysis. The solution is to ensure all clients access to their data, in a timely fashion, in a standardized PDBF (portable data base format).

Of these risks, and indeed, of all risks, we believe that the data hostage problem is the most important. The other problems may create economic lock-in, since clients may find that it does not make economic sense to change vendors, but if the vendor raises prices high enough I can and will flee. In the case of hostage data, fleeing is not an option. We believe that at least at present the data lock-in problem may be the most overlooked.

In Conclusion

We offer the following simple guidelines.

1. Remember why you are moving to the cloud. This is a risk reward tradeoff.


2. Remember what the rewards are, and what they are not. Cloud sourcing is a form of outsourcing intended to deliver economies of scale, in systems administration, in load leveling and the cost of serving excess capacity, and in the development of special platforms to facilitate software development. The cloud is not about achieving ubiquitous access and customer or constituent engagement; that is the role of the web, social networking, Facebook, and Twitter. Social networking is a cloud-based application, but it is not necessary to move core operations to the cloud in order to have a Facebook presence, and moving core operations to the cloud does not ensure effective social networking.


3. Don't forget the risks! Shirking, and deliberate underperformance, and poaching, or the deliberate misuse of data resources and intellectual property, are always potential problems in any form of outsourcing. However, the threat of absolute lock-in that comes from the data hostage problem, and the degree of strategic dependence upon the vendor that this creates, may create unprecedented opportunities for vendor holdup. Indeed, the possibility of lock-in and opportunistic renegotiation, and the current lack of client protection, may represent the greatest limitation to the adoption of the cloud.

A subsequent post will address future sources of protection that may be available to clients, including the following:

1. Improved standards on transparency, monitoring, and reporting should reduce all forms of shirking.


2. The interaction between improved standards on reporting of data access and improved legal codes may provide protection from poaching, but at present there are unresolved legal and technical issues.


3. A standard for a portable database format PDBF, improved contracts, and clarified legal codes will reduce the data hostage problem.

At present cloud standards, vendors' SLAs and contracts appear to offer very little explicit protection; this is the subject of our ongoing research and will be the subject of a future more technical posting.

Notes:

3 - Economic lock-in occurs when it does not make rational economic sense to change vendors, because the combined costs and benefits of staying outweigh the combined costs and benefits of leaving. If the vendor raises prices beyond some level, the client will leave. Absolute lock-in occurs when leaving is virtually impossible. The vendor can raise prices until it captures virtually all of the client's profits. Raising prices beyond that level is pointless, not because the client will leave, but because the client will declare bankruptcy.