Predicting a Cloud Outlook for 2013
By Andrew Hay
Remember when a “cloudy outlook” was thought to be a bad thing? That’s since changed, and in the world of emerging compute architectures, a cloudy outlook no longer has negative connotations. In fact, cloud continues to enable growth and innovation by presenting a low barrier to entry for startups and new market opportunities for existing companies.
The year ahead is fantastically cloudy but will require some rethinking and, in some cases, rearchitecting to fully embrace what cloud has to offer. With that in mind, here are our top three cloud predictions for 2013.
Cloud Prediction #1: Operational delight in public cloud will likely cause companies to rebuild true private clouds.
Many organizations have already invested time and money into their virtualization infrastructure, with many bestowing the title of “private cloud” to their design. Unfortunately, a true private cloud requires capabilities that brick-and-mortar virtualization stacks cannot provide. As defined by NIST Special Publication 800-145, a true cloud must meet certain requirements, including on-demand self-service, broad network access, resource pooling, rapid elasticity, and the ability to provide measured service (i.e., utility usage).
The ability to extend or burst an organization’s cloud environment into the public cloud is another architectural consideration. These hybrid cloud environments are composed of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). To take full advantage of utility and dynamic cloud server operations, planning for future hybrid deployments is something that needs to be considered before it’s too late to change.
Organizations will likely invest substantial time deciding how to extend their current virtualization strategy to give them the required cloud capabilities, and some may even consider replacing their technology outright if a migration or augmentation path cannot be found. Though not an inexpensive undertaking, organizations would do well to consider absorbing the short-term financial penalties for early adoption against the long-term financial and operational benefits of properly defined cloud architecture.
Cloud Prediction #2: New IaaS players will accelerate the IaaS price war and drive considerable focus on mutli-cloud portability.
Google Compute Engine, Microsoft Windows Azure, and HP have all entered the infrastructure-as-a-service (IaaS) market over the last two years to challenge incumbents such as Amazon EC2, GoGrid, Rackspace, and others for the hearts, minds, and wallets of enterprise cloud customers. Even Oracle announced an IaaS offering this year.
Competitive pricing models, combined with the promise of ease of use and expedited deployment time, serve to draw new customers to their respective offerings. Which IaaS vendor is the right IaaS vendor? The more cloud security vendors that enter the fray, the blurrier the lines of differentiation become.
As such, portability between providers becomes a primary concern for users -- and a thorn in the side of cloud providers looking to keep customers on their platform. Customers are going to be pushing their providers to allow them to liberate their servers, application, and data so that choice of cloud service provider is their decision. Providers, on the other hand, aren’t going to go out of their way to help organizations liberate their data, but they’re not exactly going to prevent it, either. In fact, most providers are have some tools to help prospective customers migrate their information away from a competing cloud provider to their own platform -- in most cases, free of charge.
It will be interesting to see how the competitive landscape shapes up in “The IaaS Wars” in 2013.
Cloud Prediction #3: Auditors will become more knowledgeable about cloud and focus heavily on SaaS and IaaS implementations within large enterprises.
Customers will continue to push their auditors and assessors to better understand their employed cloud architectures. SaaS, PaaS, and IaaS architecture projects are in various states of completion across organizations in nearly every industry vertical. It’s also unlikely that organizations are going to wait until their auditors and assessors feel comfortable with the technology they’re chomping at the bit to deploy.
To better help their customers, auditors and assessors will need to ramp up their cloud knowledge ahead of official guidance from regulatory entities such as the PCI SSC. There are numerous training classes and free training resources available from well-respected organizations such as the SANS Institute, the Cloud Security Alliance, and other independent sources that can help expedite the knowledge transfer.
Auditors and assessors should also talk to their peers as organizations are achieving certification for regulatory mandates in cloud architectures today. Those firms “in the know” should take the high road and help educate their compatriots as to what to look for and how to address certain requirements so that everyone is on the same page.
Andrew Hay is the chief evangelist for CloudPassage, a cloud server security provider, where he serves as the lead advocate for its SaaS server security product portfolio. Find Hay tweeting at @andrewsmhay.