But the talk around cloud is much more than hype. While cloud uptake may be falling behind vendor expectations, it's taking the world - and South Africa - by stealth if not by storm.
What is cloud?
Despite sound advice to the contrary by pundits like Dustin Armhein, I think it's useful to ask this question before diving in. We know about the X in XaaS and the 'five characteristics of cloud', namely shared, virtualised infrastructure, self-service access, elastic resource pools, consumable output and user-based usage tracking.
For this discussion, we're simply concerned about whether 'cloud is not yet making much rain', and part of that relates to monetisation models. A lot of services are being adopted, but often on the free end of the 'freemium' spectrum. Many massively adopted free or dirt-cheap cloud-based applications are already finding utility in the enterprise, often by masquerading as personal services. Google and LinkedIn come to mind, followed by the numerous cloud storage options.
What is driving uptake?
Let's take a look at what is going down in South Africa currently that is actually consuming a chunk of the enterprise ICT budget. Much of the adoption of cloud services is on the 'lite' side: applications such as managed firewalls, e-mail and web content-filtering, virus and spam detection and fax-to-e-mail services are cases in point - the so-called 'Communications-as-a-Service'. These don't involve committing the company's IT crown jewels to an unnamed server in an unknown remote location. These are also services that your ISP may have been providing for years, and that were not even referred to as 'cloud' services, but clearly tick most of the boxes.
Ironically, these are services that are widely adopted for the enhanced security they offer - in stark contrast to the oft-cited fears of security breaches and loss of control that inhibit wider adoption of cloud-based applications.
And then there is the one business application that really has made it in the cloud to date, namely CRM, best typified by Salesforce and MS Dynamics.
Smaller is bigger
The above are examples of applications that are already being adopted, and equally so by businesses of all sizes. Many cloud services are especially well suited to small and medium enterprises (SMEs), relieving them of the need to invest heavily in their own server infrastructure, and related skills and administration hassles. Services are provisioned incrementally, growing as your company grows, so you only pay as you use.
We will know that the vision has been fulfilled when we see a higher level of uptake of enterprise applications such as online accounting or ERP (such as Sage Pastel My Business Online); there has been growth in some areas, and good growth at that, but off a very small base. A similar observation may be made about Office 365, and it's interesting to note Microsoft's sworn commitment to the cloud as a fundamental strategic thrust.
Thinking that just because your data is in the cloud your security is someone else's problem is a naive - security must always be your problem no matter where your data is located.
Theoretically, when evaluating the cloud option for things like ERP, decision-makers would ask the same three questions the CIO always asks: 1. Can it save me money? 2. Can it make me more productive? 3. Can it help me give better service to my customers? If you can check at least two boxes, you would presumably go ahead and make the switch. Consider these:
* Saving money: I only pay for what I use, and a can avoid a big capital outlay. Sometimes that alone makes it attractive to a cash-strapped SME - even if the total cost over time is similar (or possibly even larger since the user has no idea how long they will need the service for). * Productivity: I can assign resources and provision them more quickly to my internal customer, and avoid costly skills that I might otherwise have to employ.
If this is not convincing enough, it may be that the desire to 'hug your server goodnight' is the real reason for retaining the services in-house; or perhaps there are other reasons that relate more to valid concerns about corporate governance and taking responsibility for your data and services.
When is security secure?
The industry has also taken pains to educate the market as to the extent to which their security concerns have been addressed, or are simply ill-founded. The industry providers' reputations hang on this, and they have gone to great lengths to ensure that their environments are secure and safe - in fact, a lot safer than that which an SME might provide in their own environment. Security has become a selling point. Some ISPs see off-site backups as the low-hanging fruit to attract customers into their datacentres for a single outsourced process that is easy to motivate and easy to cost-justify. Once there, they may be attracted to move other functions and applications across.
Strictly speaking, the bigger the cloud service provider, the more secure they have to be - if only for their own sake. If your name is Google or Amazon, the stakes are high, and any individual company that chooses to use their cloud services should take some comfort that they've addressed any latent vulnerabilities, although the recent Heartbleed scare demonstrated a close shave that even some of the larger players were late to detect and expunge.
Depending on the nature of your business, and your customer data, it's also important to consider where your data resides 'data domicile'. South Africa doesn't seem to have a broad legal framework in place in this regard, but there is the Protection of Personal Information (POPI) Act as a specific instance.
SMEs may often be less aware of corporate governance requirements than large companies, especially those in highly regulated industries such as banks. Ultimately, it all depends on the nature of the information you're dealing with, and the sensitivity around that information. If data domicile is an issue for you, your hosting service provider will generally give you the option of local-only hosting.
One caveat: thinking that just because your data is in the cloud your security is someone else's problem is a naive - security must always be your problem no matter where your data is located.
So, if public cloud services are really well suited to SMEs, what induces larger companies to adopt them? The answer often lies in the 'hybrid cloud' approach: first implementing applications in a private cloud environment, getting familiar with the architecture, and then gradually or selectively implementing some elements in the public cloud environment.
Brian Neilson is a director of research consultancy BMI-TechKnowledge. Based on insights from Clinton Jacobs, senior IT analyst at BMI-TechKnowledge.
First published in the June 2014 issue of ITWeb Brainstorm magazine.
Share