A recent research report on cloud computing says that SMB buyers prefer to get their cloud applications from a single provider rather than to mix and match. That’s not surprising given that for over a decade, SMBs have cited difficulties in sustaining strong technology talent as being among their top three tech problems. But it also shows that “the cloud” means different things to different people.
In my own research, SMBs have consistently said that a “cloud service” is any SaaS offering, meaning that they equate the term to “hosted”. Interestingly, while 100% of enterprises know what “IaaS” and “PaaS” mean, only 31% of SMBs do, and almost a quarter of those who say they’re interested in or consuming SaaS ask to have the term defined before answering.
If you strip out the “hosted” applications of the cloud, SMBs currently spend less than 3% of their IT dollars on cloud services, bordering on statistical insignificance. If all hosted services are considered, the number is about 6% for mid-sized businesses and about 11% for small businesses, the latter being higher primarily because of hosted web presence, email, and backup.
There’s a moral here. All the surveys about the cloud success or the cloud explosion are dodging a hard reality, which is that it’s not the number of companies who use cloud services but the percentage of IT budget moving to the cloud that matters. “Cloud penetration is doubling” just means that twice as many people are trying the cloud, not that the cloud’s role in IT is increasing that rapidly. Further, since most of these surveys target SMBs more than enterprises, the results are biased first by the differences in the SMB space and second by the lack of understanding on the part of SMBs of what “cloud computing” really is.
Among cloud players, IBM and Microsoft get the highest marks on practical cloud strategies, and the second-highest go to the common-carrier cloud services, even though AT&T’s cloud offerings are still developing and Verizon’s (via Terremark) are only recently branded by the carrier. The reason is that enterprises see any outsourcing as a risk, IT outsourcing as a conspicuous risk, and outsourcing of any critical applications or data as a risk bordering on unacceptable. They demand both a trusted partner and a credible strategy for risk management. Right now, both the big vendors we’ve named offer both, and the carriers are trusted in terms of financial stability, professionalism, and quality of infrastructure. Where vendors have the edge is in the planning of a cloud-ready IT commitment. I think that the latter is more important than most people realize; simple IaaS cloudsourcing doesn’t address enterprise needs except in development and pilot testing. Anything other than IaaS requires significant SOA-like integration, something IBM and Microsoft realize and others either don’t realize or don’t address.
The assertion that the Sony PlayStation network hack was hosted on Amazon’s EC2 isn’t raising all that many hackles among the cloud promoters, but it has demonstrated to enterprises yet again the concept of “collective risk”. A single company, particularly one with a low public profile and little customer credit data on file, has relatively little risk of being targeted by hackers. A cloud hosting a thousand or ten thousand or a million companies is a much more attractive target. Sony gets attacked because they’re big, but would Mom’s Pizza be at risk? Not as a stand-alone, but it might well be part of a larger risk pool if their cloud host is attacked. Thus, moving to the cloud could raise risks of hacking. Not only that, if the cloud is hosting the hackers, might they not be able to hack others on the cloud more easily, exploiting interprocess issues or opportunities for denial of service? Hacking is an ROI- or publicity-driven process, after all.
Some of the earliest cloud successes (in total-revenue terms) are likely to be the kind of services that AT&T’s offering for Windows support. These services don’t ask customers to outsource data or their critical applications, only to outsource support, and cloud resources are applied not to run customer apps but to improve support economies of scale and thus improve both pricing and profits. This illustrates why I believe that service provider cloud computing and service provider service-layer intelligence are likely to converge on the same architecture. It’s only logical to assume that a provider who successfully sells a support service would be successful in selling cloud services, if the tie between the two was clear. It’s also better for economies of scale if IT functionality (whether the providers’ own apps used in customer support and services or the customers’ apps hosted in a provider cloud) uses common servers/software and common support tools.
Speaking of Amazon, early responses from my spring enterprise survey suggest that the EC2 problem they had didn’t impact enterprise cloud planning much. That’s because enterprises were not, in the main, considering EC2 as the host for their critical applications. What the survey shows among SMBs is that those with clouds in their eyes, the early adopters, took the process in stride while those who were on the fence were more likely to be hardened against cloud usage. In short, it increased the skepticism among those still considering the cloud, which may (if the feeling persists) impact the sales cycle for cloud services.
That’s a good issue to close on. We tend to forget that a market normally classifies as either being push or pull, meaning sales-driven or demand-driven. There are some number of buyers who will go out into the marketplace (meaning the Web, in most cases) and look for cloud providers. That’s not likely to be how mission-critical apps are handled, though. For that, you need a sales effort to create a sense of personal accountability—my salesperson will look out for me. The larger players like AT&T, IBM, Microsoft, and Verizon have a sales force that can hug and cuddle wary buyers, and that is more likely than anything to propel them to the top of the cloud heap.