iOS app Android app More

Future of Cloud Computing: Overcoming IT Cost Barriers

Jarrod Dicker   |   January 13, 2012    1:39 PM ET

The cloud breaks down barriers to computing power that was once only available to a select few. As more and more businesses explore the benefits of cloud computing, revolutionary innovations are happening across a wide range of industries.

Cloud Computing: Business Transformation in the Cloud

Jarrod Dicker   |   January 13, 2012    1:03 PM ET

The IBM Smart Cloud is transforming industries as diverse as healthcare, energy, government, and filmmaking. These cloud computing case studies help to illustrate the tremendous power and opportunity of the Smart Cloud.

How Cloud Has Permeated Our Lives - From Consumers to Businesses and Back

Lauren States   |   October 6, 2011    3:21 PM ET

The phrase "cloud computing" has moved beyond the vocabulary of a company's chief technology officer and is now a part of everyone's vocabulary. Even if people disagree on the exact definition, millions have been quick to grasp the benefits of cloud.

Millions of consumers using the cloud - whether knowingly or not - created a ripple effect in the business world. Suddenly, computing power became available anytime and anywhere, and people were used to having instant access to their favorite websites and media. They could use Gmail and Hotmail or Flickr for photos, or buy tickets to a movie or to the theater from their Smartphone. This anytime, anywhere access to computing power also permeated the business world. Start ups and small businesses - faced with very tight budgets - embraced the idea that the cloud would allow them to focus on creating real businesses in months rather than years, without having to build expensive, complex data centers. Larger businesses and governments recognized the advantages of cloud, namely the ability to provide more computing power without having to buy more hardware and software. Many took a conservative approach at first, creating private clouds that did not need to be shared with other companies to use their existing computing capabilities more efficiently. Cloud was not just advantageous in terms of making the most of resources and money; it was a "game changer" in terms of competitive advantage.

Cloud computing involves storing information and doing data processing in remote data centers where servers are used for many different jobs, depending on need. In the past, most servers were dedicated to a particular task, and companies had to buy new computers every time they started up a new service. Many enterprises have enough data processing work to justify operating their own private clouds, but increasingly government agencies and corporate giants are signing up to do some of their computing in public clouds operated by companies like Amazon, Microsoft and IBM.

The faster delivery of better products and services is now necessary to take on competition and meet demanding customers and shareholders. Customer executives and managers at long-established companies are discovering that cloud computing can give them a way to run their businesses or their supply chains more efficiently. Some are creating new lines of business or providing customers better service. And new research by IBM finds that 41% of them think it will have had a significant impact by 2015.

This capability is leading to a real change in the way organizations manage customer and industry relationships. For example:

- The flexibility of the cloud comes into play with seasonal events, such as The US Open tennis tournament. It harnesses the cloud to provide the latest stats, schedules, Twitter feeds, video streams and data graphics to both fans and broadcasters--as demand for resources skyrockets during the tournament.

- Cloud improves the way companies operate internally. Panasonic, the consumer electronics giant, decided to use cloud-based email and communications to replace local servers. It concluded that it could use the cloud to roll out worldwide collaboration, conferencing and file-sharing without big new capital investments.

- Cloud makes it possible for companies to provide services to customers much faster. China Telecom is selling customers new Smartphone applications in as little as three days after they are built and tested, compared to three weeks in the past. And companies worldwide expect this impact will increase rapidly, according to a recent survey by IBM. Business and IT managers stated that by 2015, more than half of those relationships will be driven by cloud capabilities.

- Cloud computing also provides a way for different companies to use the data to put products on shelves. True Value, the hardware chain, uses software in a cloud to pull together information from suppliers, freight forwarders and its 5,000 stores. Since implementing the system, it has reduced back orders by 85%.

What is new about cloud is what it allows everyone to achieve. Cloud is changing the way all of us- from our personal life to our work life - use and consume technology. And enterprises can and are applying the transformative power of cloud computing to reinvent the way they do business and improve economics to capture new business value.

To learn more on how Cloud can reinvent your business, click here.

Follow IBM Cloud's blog and Twitter.

What's the Challenge for IT Architects?

Gary Barnett   |   September 13, 2011    1:55 PM ET

When we start building something, it is easy to forget about the real purpose of the thing we are building in the first place; whether it be mobile app, a birthday cake or a data centre. As a creator of an item we can become focused on fulfilling our own vision rather than remembering that we are really architects of someone else's dreams and needs.

Simply put, a beautiful cake that tastes terrible isn't going to be eaten. Equally, a data center that has state of the art cooling-- but when faced with real life workloads fails to deliver on cost -- latency and the ability to manage risk will be holding back the business and soon prove that IT is keen on being on the cutting edge rather than looking at the bottom line. Paying attention to the blueprints is all well and good but we could all spend a bit more time looking at the people that will use our systems, understanding what they really need.

Deliver on what we promised: agility, cost & risk

This may seem like I'm stating the obvious, because it is, but far too many of us have been guilty of focusing on the manufacture. Those that get the balance right and make sure the CFO gets the accounts balanced in a couple days rather than 3 weeks, make a substantial contribution to their own careers, not just the organisations they work for.

Cloud Security: How It Works

David Kwock   |   September 1, 2011    1:24 PM ET

When looking to move workload to cloud environments, most Chief Information Officers will say that security is the number one concern. To address those concerns, IT organizations must consider several aspects of security to ensure they do not put their organizations at risk as they explore cloud computing. Some of these concerns regarding security have to do with what the cloud provider's service and operational procedures, and other concerns, have to do with new processes that must be considered, and that did not have to be considered before in the traditional IT model.

To provide effective security for a cloud environment, both the cloud provider and consumer must partner to provide solutions to the following security concerns:

1) Governance and Enterprise Risk Management - The ability of an organization to govern and measure enterprise risk that is introduced by cloud computing. This concern includes items such as legal precedence for agreement breaches, ability of user organizations to adequately assess risk of a cloud provider, responsibility to protect sensitive data when both user and provider may be at fault

2) Compliance and Audit - Maintaining and proving compliance when using cloud computing. Issues involve evaluating how cloud computing affects compliance with internal security policies, and also various compliance requirements.

3) Application Security - Securing application software that is running on or being developed in the cloud. This concern includes items such as whether it is appropriate to migrate or design an application to run in the cloud.

4) Encryption and Key Management - Identifying proper encryption usage and scalable key management. This concern addresses access controls of both access to resources and for protecting data.

5) Identity and Access Management - Managing identities and leveraging directory services to provide access control. The focus is on issues that are encountered when extending an organization's identity into the cloud.

Although, Governance and Enterprise Risk Management are existing functions within most IT organizations, cloud computing introduces several unique challenges around this topic. Part of the responsibilities are that of the cloud provider, and other components are that of the consumer to ensure that the overall solution that is being leveraged meets the governance and Enterprise Risk Management standards of the organization. For example, in the IBM SmartCloud Enterprise offering, IBM requires its customers to secure the application and operating system that is being used, although IBM does provide a base operating system image with basic security configurations.

In addition, most organizations are bound by some form of security compliance guidelines. These guidelines and regulations do not change when moving a workload into the cloud environment. Therefore, consumers of cloud must look at their existing compliance and audit guidelines to ensure that the workloads they move to the cloud still comply with the guidelines by which their organizations are bound. Also, consumers must ensure that any audit requirements can still be met even though the workload has been moved into a cloud environment.

Securing application software that is running or being developed in the cloud is another consideration for security. Standard application security might need to be changed or enhanced based on a cloud provider's environment or customer requirements. Encryption and Key Management becomes critical when moving a workload to the cloud. Using encryption and a scalable key management solution must be considered when leveraging cloud solutions. For example, IBM SmartCloud Enterprise provides a robust key management system for secure access to all Linux compute resources.

Finally, Identity and Access Management is critical to the success of cloud solutions. This ensures only authenticated and authorized individuals get access to the correct components of the workloads that are hosted in cloud solutions. Solutions such as Tivoli® Access Manager with its WebSEAL reverse proxy can help with the authorization of individuals; solutions such as Tivoli Identity Manager can help with the authentication of users.


When addressing security in a cloud environment, consider five key areas to help ensure that your cloud provider and you as consumers of cloud are creating a cloud solution that meets the business needs. It is critical to consider the governance and enterprise risk aspects of cloud computing along with the compliance and audit implications to the organization. In addition, application security concerns such as encryption, key management, and identity and access management must be addressed to ensure security risks are mitigated in a cloud environment. Although many of these disciplines exist in traditional IT, many of the disciplines must be reviewed when you move workload to a cloud environment.

How Is Computing Changing?

Jarrod Dicker   |   August 17, 2011   11:24 AM ET

How Can Moving to a Cloud Computing Environment Help Your Business?

Jarrod Dicker   |   July 28, 2011    2:36 PM ET

How can moving to a cloud computing environment help your business? And what is the future potential of cloud computing? IBM cloud computing executives, Ric Telford, Maria Azua, and Erich Clementi, share their vision for cloud computing in this short round table discussion.

Watch to hear more about using cloud computing to:

-.Facilitate data intensive collaborative work.
- Establish enterprise level production with tailored service level agreements and open standards.
- Protect your data with high-caliber security services.
- Take advantage of higher levels of connectivity and cutting edge applications for business transformation.

Introduction to Cloud Computing

Eric K. Clemons   |   May 13, 2011    1:00 PM ET

Cloud computing has gotten enormous coverage lately, with claims for benefits that may or may not be realized. The cloud does not enable a wired and informed electorate; that comes from online services and Internet linkages, whether they are hosted in the cloud or in the government's own infrastructure. The cloud does not provide 100% uptime and availability of packages and data; the net will stay up, but a vendor can still go down, can still be hacked through a denial of service attack, and can still provide faulty data or faulty applications. Senior executives, politicians, and CIOs with corporate government agency responsibilities, need to know what the cloud is and is not, and what it can and cannot promise. They need to understand the risks and the rewards, in order to use it safely and effectively, and in order to contract cloud services safely and at a fair price.

Essentially, cloud computing is an extreme form of outsourcing, one in which hardware ownership and operation, software version updating, data storage and backup, and occasionally other functions as well, are all outsourced to a singe vendor. Moreover, hardware is generally located at the cloud vendor site, where massive racks of servers and farms of storage devices process the applications and maintain the data of huge numbers of users to achieve efficient operation. Since the data and the programs are located "somewhere" in the apparently nebulous structure of the web and accessed remotely through the Internet, this form of shared remotely hosted service is called cloud computing.

Seen as a form of outsourcing, cloud computing offers a well-defined set of benefits; these are the benefits that are traditionally associated with outsourcing, and most are well known and well studied. The first of course are associated with economies of scale: (1) a large vendor will make much more efficient use of personnel, and (2) a large vendor sees much less variation day by day in demand than each individual user will encounter and therefore can do more effective load leveling and will require less excess capacity or "safety stock" in computing resources. As a result, a large vendor can charge for actual usage, allowing those users with high demand at a given time to consume unusually high levels of resources and pay higher total fees, while allowing users with lower demand to consume fewer resources and to pay lower fees. (3) Economies of scale also allow large vendors, whether cloud-based or not, to perform more R&D than smaller users could perform.

There are several of benefits to modern online computing that are wrongly lumped with cloud computing, like online access from any location, social networking, community outreach, and ubiquitous connectivity. These are more accurately attributed to remote web-based access, and indeed are not inextricably linked to the cloud. The cloud is an outsourcing service delivery mechanism, and the web is the medium for delivery.1

As an extreme form of outsourcing, cloud computing has the risks that are traditionally associated with outsourcing. Indeed, since cloud computing is an extreme form of outsourcing, which moves data storage and backup, ownership of all facilities, and all aspects of facilities management to a single vendor, its risks are somewhat exacerbated compared to other forms of outsourcing or facilities management. In a sense this may not appear to be very different from the timesharing model of computing that was prevalent in the late 1960s and early 1970s, except that in the era of timesharing we tended to use shared remote facilities to run ad hoc analyses, while now we use the cloud to run operational software that controls every aspect of an organization, from product scheduling, inventory control and vendor management to sales and customer support and relationship management. Thus, while cloud computing may be just another form of shared facilities outsourcing, its risks may be more extreme than the risks of earlier forms of outsourcing.

The risks of outsourcing are well-known and well-studied. These risks include:

  1. Shirking, or the principal-agent problem, which is deliberate underperformance while claiming full payment when the client cannot verify the vendor's effort or service levels
  2. Poaching, which is the deliberate misuse of the client's data, software, or intellectual property in ways that benefit the vendor while damaging the client, when the client cannot detect this misuse
  3. Opportunistic Renegotiation, or vendor holdup, which occurs in the presence of high switching costs, economic lock-in, and strategic dependence upon a single vendor

Why is the cloud emerging now?

Each of the pieces required for cloud computing has been around for some time, so why is the cloud emerging only now?

  1. While cheap computing hardware is not new, we now see almost total standardization of the entire stack of hardware computing resources. The Intel X86 architecture is emerging as the chip of choice for everything from laptops to mainframes. We are standardizing on a small set of server operating systems, usually either Windows-based or Unix-based. There is a small set of virtualization hypervisors, which allocate jobs to servers whether in a large data center or in the cloud. There is even a growing set of largely standardized to enterprise applications, from office functions to ERP systems and vendor and customer management.

  2. Paradoxically, the decrease in hardware cost is driving data center consolidation. The non-hardware costs, especially systems administration personnel costs, greatly dominate the cost of hardware acquisition. Scale in systems administration personnel may represent the greatest cost advantage of cloud computing. Small and medium enterprises will be the greatest beneficiaries of this consolidation; in a small shop one sys admin may manage 50 servers, but with the move to cloud computing even SMEs can now share in the vendors' sys admin ratio of 1 per 150,000 servers, or even in the ratio of 1 per 1.5 million that some vendors hope to achieve. SMEs may adopt the best practices of the cloud vendors, but without sufficient size they can never obtain the economies of scale in automation of automation, that is, in automation of systems administration.

  3. Rapid response to changing demand is the greatest cloud innovation, providing both the ability to scale back resource payments when the demand for them decreases, and most importantly the ability to burst overflow demand into the cloud when demand increases. While in some sense this is not so different from time-sharing, enterprises can now handle bursts in demand for core services, not just for analytics. Again, since small enterprises usually encounter wider fluctuation in demand, SMEs will be the greatest beneficiaries.

  4. And, with dedicated sys admin personnel supported by automated sys admin services, cloud vendors will be able to offer much more reliable backup, software release management, etc. Once again, the greatest beneficiaries will be SMEs.

Risks of cloud computing

While the risks of cloud-based outsourcing remain shirking, poaching, and opportunistic renegotiation, as with all outsourcing, the forms taken in cloud-sourcing are slightly different.

Shirking can have several forms.

  1. The vendor may fail to invest in sufficient peak load excess capacity -- Unique to the cloud is the risk that the vendor may not have invested in sufficient excess capacity for worst-case peak loads. We have learned how to cope with overwhelming and correlated peak demand, like the demand for holiday travel. No private company has invested in sufficient capacity for us all to book rail or air travel for American Thanksgiving weekend; we know this and we stagger our travel schedules accordingly. And yet, customers expect to be able to burst excess demand for computing services into the cloud; peak demand is, once again, likely to be correlated and likely to be overwhelming. Demand for services in the days leading up to Christmas is likely to overwhelm not only the resources of many firms in hospitality and retailing, but their cloud vendors as well. Likewise, enthusiasts of cloud-sourced government computing should remember that April 15 is tax day in many countries, not just the US, and last minute filers might produce correlated demand spikes and again overwhelm vendors. Vendors may be tempted not to provide the full computing resources needed for peak capacity; this underinvestment will be difficult to detect until service quality actually does degrade and is likely to catch many firms unprepared.

  2. The vendor may not make adequate investments in security and in security monitoring -- How thoroughly will data be protected? How quickly will security breaches be detected and how quickly will clients be notified? Delay in notification of identity theft can be catastrophic. Again, this underinvestment will be difficult to detect until it actually has become a problem.

Poaching will be extremely difficult to monitor and detect, and therefore extremely difficult to limit should vendors choose to violate their ethical and legal obligations. This, combined with the potential for shirking security responsibilities, explains why security always features so prominently among clients' lists of concerns with cloud computing. These problems are not unique to the cloud, but the extended chain of custody, from the vendor, through the net, to the client, may make it more difficult to establish the source of leakage conclusively.

  1. The vendor may performing data mining in aggregate to learn the characteristics of a clients' own customers, products, or order flow; while some data mining may be benign or harmless, and the vendor may grant itself some rights to data mining in the terms of the contract, it is not always clear what data mining is being performed, how it will benefit the vendor, or how it will affect the client

  2. The vendor may profit from leakage of small amounts of critical, sensitive, or private information about a client, its personnel, or its customers; this is specific and identifiable individual data, not aggregate statistics resulting from data mining.

  3. The vendor may even profit from the leakage of critical business plans to the vendor if the vendor seeks to compete in the client's business (which some might call theft of IP rather than leakage), or more likely to the vendor's other clients. Remember, poaching is the misuse of information provided for one purpose but used for another in a way that harms the client; surely the client was aware that the vendor was handling its data, but surely the client did not expect this information to be used by the vendor or others in a way that competes directly with the client's core business.2

Opportunistic Renegotiation can again come in several forms:

  1. The first form of vendor hold-up actually comes from platforms that are uniquely innovative, resulting in a true source of vendor competitive advantage. If the vendor offers unique software (software as a service) that is not yet available elsewhere, or offers a superior development platform (platform as a service), then the vendor's innovation may make it more difficult to justify leaving. This is economic lock-in, not absolute lock-in.3 Although the client won't leave the vendor, this is because the client doesn't want to do so and not because the client can't; the client is not strictly trapped, and if the vendor's prices subsequently became too high leaving would be both possible and economically attractive. In some sense the vendor's superior development platform can be viewed as a platform for rapid prototyping, and the client can always move your systems to another platform if and when it decides that it makes sense to do so.

  2. Ecosystem holdup will occur if a large number of the client communicates with a large number of its customers or its suppliers through a single cloud vendor, suing the vendor's equivalent of a proprietary commercial social networking service or commercial instant messaging service. This similarly turns out to be a manageable problem, as long as the client can maintain a small presence in the vendor's network, operated as a data embassy for communicating with other members of the cloud vendor's social ecosystem.

  3. The data hostage problem is truly the most dangerous source of client vulnerability, and therefore the most likely source of true or absolute lock-in. If necessary a client can rewrite all of its applications over time if it choose to leave an abusive vendor, but the client cannot regenerate the history of all online interactions. A client cannot leave a vendor without its history as represented by its data, because it cannot operate without its data; loss of data would result in total corporate amnesia, and in many cases in total corporate paralysis. The solution is to ensure all clients access to their data, in a timely fashion, in a standardized PDBF (portable data base format).

Of these risks, and indeed, of all risks, we believe that the data hostage problem is the most important. The other problems may create economic lock-in, since clients may find that it does not make economic sense to change vendors, but if the vendor raises prices high enough I can and will flee. In the case of hostage data, fleeing is not an option. We believe that at least at present the data lock-in problem may be the most overlooked.

In Conclusion

We offer the following simple guidelines.

  1. Remember why you are moving to the cloud. This is a risk reward tradeoff.

  2. Remember what the rewards are, and what they are not. Cloud sourcing is a form of outsourcing intended to deliver economies of scale, in systems administration, in load leveling and the cost of serving excess capacity, and in the development of special platforms to facilitate software development. The cloud is not about achieving ubiquitous access and customer or constituent engagement; that is the role of the web, social networking, Facebook, and Twitter. Social networking is a cloud-based application, but it is not necessary to move core operations to the cloud in order to have a Facebook presence, and moving core operations to the cloud does not ensure effective social networking.

  3. Don't forget the risks! Shirking, and deliberate underperformance, and poaching, or the deliberate misuse of data resources and intellectual property, are always potential problems in any form of outsourcing. However, the threat of absolute lock-in that comes from the data hostage problem, and the degree of strategic dependence upon the vendor that this creates, may create unprecedented opportunities for vendor holdup. Indeed, the possibility of lock-in and opportunistic renegotiation, and the current lack of client protection, may represent the greatest limitation to the adoption of the cloud.

A subsequent post will address future sources of protection that may be available to clients, including the following:

  1. Improved standards on transparency, monitoring, and reporting should reduce all forms of shirking.

  2. The interaction between improved standards on reporting of data access and improved legal codes may provide protection from poaching, but at present there are unresolved legal and technical issues.

  3. A standard for a portable database format PDBF, improved contracts, and clarified legal codes will reduce the data hostage problem.

At present cloud standards, vendors' SLAs and contracts appear to offer very little explicit protection; this is the subject of our ongoing research and will be the subject of a future more technical posting.


1 - I can own a kitchen and hire a chef, with the associated fixed costs, and then deliver meals to my constituents via a fleet of taxis or via Federal Express. When I choose to use FedEx I have chosen to use the web, rather than private connections, as I might have done decades ago. Likewise, I can choose to outsource meal preparation from ARA or Marriott, pay only for the meals I order, eliminate my fixed costs, and still use Fed Ex for delivery. Here ARA is roughly equivalent to "cooking in the cloud" and Fed Ex is roughly equivalent to remote online (internet) access. By analogy, I can provide a host of eGovernment services to my constituents with or without the cloud.

2 - Poaching -- the deliberate misuse of information, expertise, algorithms, design, or other forms of P -- seems so egregious that one is tempted to assume that it cannot occur. It has occurred, and will continue to occur, in outsourcing contracts in a range of industries, from manufacturing (kitchen appliances, stereo) to hosted reservations services.

3 - Economic lock-in occurs when it does not make rational economic sense to change vendors, because the combined costs and benefits of staying outweigh the combined costs and benefits of leaving. If the vendor raises prices beyond some level, the client will leave. Absolute lock-in occurs when leaving is virtually impossible. The vendor can raise prices until it captures virtually all of the client's profits. Raising prices beyond that level is pointless, not because the client will leave, but because the client will declare bankruptcy.

Pages:   2