Wednesday, January 27, 2010

EMA’s Mann: enable the ‘responsible cloud’ while allowing cowboys enough rope to experiment

I remember back in the '90s when the World Wide Web was being described as the Wild Wild Web. For me, that phrase always conjured up jarring visions of gunslingers waiting patiently for Netscape Navigator to download page after page of underlined, blue hyperlinks.

Fast forward to 2010 and the next big wave of IT change -- cloud computing -- is being described in much the same way. Andi Mann, vice president at industry analyst group Enterprise Management Associates (EMA), recently authored a report (“The Responsible Cloud”) that used the same type of a frontier metaphor to describe the situation enterprises are finding themselves in with cloud computing today.

Andi's report centered not only on data describing the state of cloud computing in larger enterprises, but also made a big deal about the fact that many key management disciplines are both critical and still not in place for cloud. Both Carl Brooks of SearchCloudComputing and Denise Dubie of Network World wrote good summaries of some of the EMA report’s findings (CA, my employer, by the way, was one of the report’s sponsors).

To dig into what some of the specific survey findings might mean, Andi spent a few moments to do this Data Center Dialog interview. Read on for Andi’s thoughts on the speed of cloud adoption, why he was so surprised about some of EMA’s data about virtualization, respondents’ strong bias against public clouds, and just how you can make the most of those IT cowboys.
Jay Fry, Data Center Dialog: Andi, the EMA Responsible Cloud study you just published has some great data about customers’ current thoughts on some of the most important issues about cloud computing at the moment (hint to readers: it’s not the definition). First, a couple specific questions about your report. You reported that 11% of your surveyed companies are intending to implement cloud computing in the next 12 months. Does that feel like a lot, a meager number, or just about right given where you feel things are at the moment?

Andi Mann, Enterprise Management Associates: Given that we are really still in an early-adopter period with cloud computing, I think 11% seems just right considering we were looking only at mid- to very large-sized enterprises. Of course, there is a lot of hype around, with predictions of 20, 30, 40% or more of enterprises switching to cloud, but these seem over-optimistic to me. Cloud is a fundamental shift in how we build and deliver IT services, and especially with these larger organizations, it would be surprising to see an overwhelming adoption just yet. With still slow economic growth, that would mean enterprises dumping their sunk cost in existing IT, which realistically is simply not going to happen overnight.

DCD: One of the big on-going debates (still, unfortunately) is about the reality of private clouds. Your survey numbers say that they are not only real, but are favored by a significant number of customers (75%). Some industry watchers have called private clouds a stepping stone to the public cloud; others see it an end in-and-of itself. Others call it purely self-serving vendor hype. What is your take on your results – and the debate?
Andi Mann: The results did not surprise me. In fact, it seems to me that a lot of predictions about public cloud are based on impossibly idealistic notions of IT, not on the realities of a day-to-day, in-the-trenches view. Enterprises like the idea of cloud, but are looking for a balance between the ideal and the achievable. So they will look to get the benefits of cloud computing – the economies, the self-service, the agility and flexibility – from their own existing investments.
Over time they will likely branch out into public clouds in some way, but IT never gets rid of anything – mainframes, COBOL, client-server. Heck, I know some very large organizations still running Windows NT and even DOS on mission-critical systems today. I have no doubt it will be the same with cloud – private and public cloud will both simply extend the IT we already have, not replace it.

DCD: I like your comment that cloud computing is “like any ‘new frontier,’” it has “too many cowboys, and not enough sheriffs.” The whole focus of your report is the “responsible” cloud and your prescriptive maturity model for how to get there. What is so “irresponsible” about how many orgs are approaching the cloud at the moment and how do you suggest that get fixed? What’s going to lead to more sheriffs in IT? Will we get there quickly enough?
Andi Mann: The issue I see with many “irresponsible” cloud deployments is that they are lacking important management discipline – monitoring, audit, change detection, data management, and more. As a direct result, they are open to some pretty crippling problems, like data loss, downtime, poor performance, audit failure, and more – which might be fine for a Web 2.0 startup, but is unacceptable for a global financial enterprise.
As cloud use becomes increasingly mission-critical in major organizations, I do believe we will see repercussions for this lack of management, including loss of business, damaged credibility, prosecution, fines and more. When that starts to happen, we see in our research that performance monitoring, event management, reporting, security, automation, problem diagnosis, alerting, and more become more than nice-to-have, but rather mission-critical in their own right.
DCD: Coming from CA, I’m obviously a big proponent of the management disciplines you talk a lot about in your report and how to bring those to the cloud. However, I’ll play devil’s advocate for the moment: isn’t there something good about breaking the rules sometimes to get huge changes accomplished? I’ve heard lots of anecdotal evidence to suggest that cloud computing is following the same adoption trend that has been followed by so many disruptive innovations that have gone before: adopters often doing their adopting by ignoring the rules (developers paying for EC2 instances on their credit cards and the like). If IT were to always stick to the tried-and-true, innovation would never have a chance. How should companies look at those trade-offs?
Andi Mann: That is actually a really good point. It is important to see that “irresponsible cloud” is not always bad per se, or at least not forever. My colleague Julie Craig actually pointed this out in the report, saying that the “cowboys” of IT, just like in the Wild West, have an important role in opening up new frontiers like cloud. With many positive aspects of the pioneering spirit of the Wild West cowboy – adventurous, innovative, self-sufficient – they take risks so that they and others can eventually reap the rewards.
But there is a time and a place for them, and once they start to threaten the integrity of mission-critical systems and data, they must be reined in. Otherwise organizations will start to face data breaches, compliance and audit failures, service outages, staff costs, and more that will damage their business, rather than enable it.
DCD: You talk a bit in your survey about “rogue deployments” of cloud computing. What should even the most process-driven IT department learn from some of these rogue cloud efforts? Is there a good way to pull some of the rogue efforts back into the mainstream that you’ve seen?
Andi Mann: This comes down to gaining visibility into cloud deployments – such as through application mapping, network monitoring, change detection, or simply asking – and then allowing the cowboys enough rope to experiment, to learn what works and what doesn’t, to build skills and knowledge, to fix broken processes and streamline failing ones, and even to make some mistakes, as long as they are not "playing" with mission-critical systems.
Over time, these cowboys can potentially become important contributors in a new cloud group within IT, with a mandate to experiment, and go outside the box, with non-disruptive systems and experimental applications to start with, but over time with mission-critical systems too. Certainly stomping them out is not the answer – instead, by finding out what they are doing and why, you will learn what is broken and how to fix it.

DCD: Your data about virtualization adoption shows VMware at the top, as expected. However, both Microsoft Hyper-V and Oracle VM (with the Sun xVM numbers added in) are not so very far behind. That seems really surprising to me. What’s your take?
Andi Mann: Yes, that was surprising to me too. VMware leading all is not a shock, of course. I have been seeing Hyper-V gaining strength in virtualization too, so I am not too surprised Microsoft is a strong second choice, especially given the massive deployment of Windows and the strong leaning among respondents toward private, on-premise cloud.
However, I am very surprised that Citrix XenServer in particular is behind Oracle VM/Sun xVM (although the gap between them is within the survey’s margin of error). I think Oracle VM or Sun xVM are well behind even other Xen variants as general virtualization platforms. They especially need to grow their limited ecosystem of management support, particularly in essential areas of cloud management like automation and service management, before they are even close to parity with ESX, Hyper-V, or XenServer. Yet with Sun’s stellar pedigree throughout the Internet boom, Oracle’s market dominance in applications, and a formidable stack that runs from hardware all the way up, perhaps it stands to reason that Oracle has a bigger opportunity in cloud than I and many others (including Larry Ellison, at least in public [prior to their recent Sun briefing, anyway -ed.]) previously thought.
DCD: What were the other big shockers for you as you put together the report?

Andi Mann: For me, a few things really stand out. The first is the importance that these respondents put on management. Common wisdom (which frequently is neither) says that cloud is flexible, open, unrestricted, and unencumbered by processes or disciplines like ITIL or ISO or ITSM. However, the reality is the exact opposite, with a majority of organizations actually believing that most management disciplines are very important, with many cited as being even more important to cloud than to traditional IT.

The second big shocker was the impact on maturity that cloud can help to deliver, with the data showing not just a correlation between maturity and cloud deployment, but even suggesting that cloud deployment actually leads to increased IT operational maturity.
Third is the high number of respondents that cited difficulty or cost of implementation and lack of flexibility and agility as their most critical problems in cloud computing. Again, this runs contrary to the common wisdom that cloud is easy to deploy and flexible to run.
Finally, perhaps the biggest shock is the total beatdown that real enterprises give to the idea of public cloud – with 69% of respondents completely rejecting public cloud options, and only 9% choosing to adopt a purely public cloud approach (compared to 46% adopting a purely private cloud approach), it really stands out as a pariah in the choice of deployment models.
DCD: When customers are looking to select cloud computing technologies, your numbers say that an existing relationship with a vendor is the least important of all selection criteria. So, all bets seem to be off with the cloud, eh? Any insights on why?
Andi Mann: This is not entirely unusual. In fact, we have seen the same result in desktop virtualization. There are a lot of things more important than a single supplier or a relationship with an account manager. Ultimately, these are nice to have, but if you cannot ensure uptime, security, performance, or other absolutely critical values, a supplier relationship will not stop you going out of business. So enterprises are rightly focusing on what is really important. Vendor relationships will come into play, but only after all other requirements are satisfied.
So virtualization and other vendors that have aspirations to be cloud technology providers had best make sure they bring their ‘A’ game – they will not get on the team by reputation alone.
DCD: Many surveys about cloud computing have pointed to security, compliance, technology maturity, and even potential vendor lock-in as barriers to success. Interestingly, yours is one of the few (only?) I’ve seen where “human/political issues” tops the list. From my experience, organizations don’t always realize that is going to be a problem, but it ends up being a huge one, so I think you’re spot on. Any color on this and did you hear anything about how organizations address are currently looking to address this hurdle?
Andi Mann: I think a lot of people, including analysts, can forget that IT is a combination of people, process, and technology. We saw in our research into virtualization on multiple occasions that the human issues were actually the biggest hurdles to success – especially skills, resourcing, and time, but also departmental politics – so we included this in our cloud survey as well.
Especially in new technologies, the technology and process can be difficult, but ultimately it seems the people issues are the most difficult to overcome. Again, you can start to address these issues with controlled ‘skunkworks’ – using deployments in non-critical areas not just to build skills – but also to establish repeatable procedures, and to show how to be successful, so you can at least get a head-start in overcoming skills, resourcing, and political issues when the time comes to deploy cloud for critical systems and applications.

Thanks for the additional insights and in-depth commentary on the EMA report and survey results, Andi.
If anyone would like the report, but is not an EMA customer, you can purchase the report here.

No comments: