Cloud Vendors – Great Power, Much Responsibility

Posted on April 18, 2014

0



Headlines abound as the race to the bottom continues in the price wars that is benefiting Cloud Computing users but challenging the 3 principles in Cloud Computing – Microsoft, Amazon as clear leaders with the rapidly maturing but still lagging Google – as they struggle with a new class of business model economics that can no longer rely solely on operational efficiency backed by cost competitiveness. As cost becomes a level playing field there are interesting new shifts in play that will move the emphasis into other areas such as end user experience, brand relationship and trust in the battle for market share.

Microsoft Azure marches relentlessly on with its delivery of a rich end user functionality experience driving home its ease of use credentials, a clear advantage when coupled with its mature partner ecosystem and by association rich customer relationship market surface area. As Scott Guthrie announces the preview of the next generation Microsoft Azure Management Console with a whole raft of features. Features that make it easier and faster to tap more of the great Cloud Computing economics of scale and utility that is spawning a new era of business agility. I do not intend to address the feature benefits coming to market but the trending impact of such a use friendly experience which may prove to be a double edged sword for Microsoft.

It is not the first time we have seen technology emerging from the control of just the technically adept magicians into the consumer space of everyday end users. To draw a parallel, Object Orientated Programming (OO) back in the ’90’s heralded for many purists the end of program development as a skilled profession. The point being made was the Object Orientated (OO) programming models would render developers little more than Lego Builders. As OO programming modularised many common functions and methods in the form of program objects and libraries that developers could stitch together instead of having to write from the ground up each time. The reality was it did simplify development but shifted the focus. Developers were able to spend more time building more complex and advanced software than hacking out repetitive tasks that could now be pulled off the shelf in the form of vendor produced programmable objects ‘libraries’ of functionality. Critically it has made programming more accessible to the hobbyist lowering the bar of entry considerably as rich development environments such as Microsoft Visual Studio and Adobe’s Dreamweaver provide the ultimate canvas to create software on. Microsoft even do a starter version of its Visual Studio for FREE, head over and get Visual Studio Express.

Microsoft are driving a similar evolution with Cloud Computing. The menial scripted grunt work is being replaced with autonomics dressed up in rich point and click user friendly interfaces and template based frameworks. The vendor heralding benefits being to allow systems administrators and developers more time to focus on the higher return activities that can better materially benefit and advance their organisations.

All good so far. But with such convenience as with OO Programming, the automation and abstraction of complexity does come with a health warning for vendors and users alike. With OO Programming the accessibility was still constrained to the technically adept who could architect, develop and code, but cloud computing has lowered the bar to a point where any computer literate individual can now start deploying significant computing capability with almost no programming or systems administrative training. This includes:

  • Websites complete with content management, file sharing or blogging capabilities.
  • Computing infrastructure with enterprise grade Application Servers such as SharePoint MS SQL and Biztalk.
  • Virtual Network & Virtual Private Networks, point and click secure connections between physical office networks and the cloud.

It’s becoming akin to a Server and Services Supermart!

This now presents significant challenges, as this speed of evolution exposes new vendor risks to be managed both by the technical departments as well as the marketing machines. As marketing is becoming the new driving force behind product release cycles and investment.

At a high level these can be viewed in terms of:

Efficiency

As we see in OO programming, default ‘objects’ or libraries tend to be compromises. A jack of all trades solution but master of none. Whilst they may help accelerate development they invariably contain more code and less optimised process than would be desirable if a programmer wrote a dedicated ‘Object’ specific to the demands of the program they were writing. For many scenarios this has little perceptible impact. The march of time and evolution of processing power, available memory and storage in computing systems has masked the overhead of this inefficiency. With Cloud Computing though this has ramifications for the Cloud users just lifting workloads into Virtual machines hosted in the Cloud as the inefficiencies of such a model soon scale up and risk eating away at the very economies of scale that make Cloud such an attractive proposition. Technical competency to architect and then build or evolve systems to truly leverage the unique characteristics of Cloud Computing is underestimated by many.

This has its challenges for the cloud vendors as fine performance margins demanded by the price race to the bottom get a boost from the inefficient use of their resources by first generation cloud users. The risk is end user disillusionment to the cost of running combined with an exponential complexity and overhead of maintaining inefficiently migrated systems.

Security

The release of ever more end user and non-technical friendly Cloud toolsets to the market is a minefield of vendor responsibility that requires great diligence. A somewhat conflicting concept when considered alongside the rapid release cycles of Cloud technologies and demands of marketing departments to parry competitor feature sets as they appear in flurries on the marketplace. With on premise solutions this was largely contained within private network boundaries and slower software release cadence, but with the Cloud these solutions are iterating at a fragmented level and ALL connected in some form to a public network subject to the gauntlet of hackers that are scanning every second almost all the registered Internet Addresses looking for weaknesses. This means that vendors need to raise the quality of their development, test and release practices as well as the unique security context they provide their offerings and finally the mechanisms for maintaining Cloud systems securely and up to date.

The downside for any vendor that falls foul is huge in terms of brand fall-out, loss of trust and credibility. As the rich user interfaces invite less skilled users they become less aware of collateral issues that their actions may have, the fingers are bound to get pointed at vendors when security is compromised. I do mean ‘IS’ compromised, because it is only a matter of time. Furthermore the maintenance and support services from these Cloud vendors introduce what I regard as the final mile in Cloud Service provision with its absence presenting additional ramifications to security. How do these end users know when to patch their solutions or is this something the vendor does for them? If it’s the vendor then whose fault is it if the user’s solution breaks when a vendor applies a security patch automatically? The complexity of the maintenance and support variable in the mix abounds.

For end users it is the ability to replicate and deploy solutions faster than ever before which is both the attraction and the challenge. Placing a greater burden on systems support and maintenance, which if not taken seriously exposes organisations and individuals to compliance breaches and data compromises as solutions fail due to lack of basic maintenance. Again fingers will get pointed at the vendor BUT the responsibility will be far from crystal clear as far as end users are concerned. Reflection on the HeartBleed flaw in the OpenSSL libraries used extensively across the Internet, on mobile devices, PC’ and servers alike attest to. Many organisations lack the basic support and maintenance discipline to identify let alone know how to deploy fixes across their IT estate on premise, Cloud systems don’t fix that but raise the stakes. Where you could get away with lax retrospective maintenance and support with Cloud it is a fool’s errand. The Heartbleed debacle is not a one off, but heralds a new generation of challenges to Cloud vendors and users alike. It will almost certainly occur again in some shape or form, whether on the same scale or not is still to be seen. Use of commercial software may be an insurance versus Open Source, but much of the commercial software today leverages Open Source components.

Reliability

Ultimately it is the end user experience that will drive this metric. At the pointed end of this is the unanswered question as to how reliable is Cloud. We have seen all the main vendors experience significant outages. When your IT is in the Cloud and it goes down then you are at the mercy of your Cloud vendor to rectify that.

Microsoft is perhaps the most at risk of the big Cloud Vendors. Microsoft’s traditional on premise business has been fundamental to rapid adoption rates of their Cloud services by these same customers as a consistent trust relationships pull through. Complemented greatly by the rapid maturing of the end user experience of its Cloud Offerings to match its on premise experiences making cross skilling a key selling point. Google and Amazon are well behind the curve on their solution usability, and attempts to build enterprise relationships has been largely unsuccessful outside of some discrete workload, as for their developer/partner ecosystem these are negligible in comparison with Microsoft. Despite its rich Partner Ecosystems Microsoft continues to struggle with its quality of supports service across its Cloud offerings and this is only just starting to raise the spectre of the support and maintenance challenge for end users as they commit to cloud. Amazon and Google in turn are hardly in motion across support and maintenance.

Support and Maintenance

Undoubtedly becoming the new surface area across which security and end user experiences gets governed. As yet there is only one vendor who is addressing this space across the whole stack, The Arcadia Support Group with their strategic tie up with Gartner No.1 Infrastructure autonomics leader IPSoft delivering a unique full support and maintenance service that encompasses the whole IT stack, extending deep into the Custom Application layer where no other vendors dare to tread, spanning both Cloud and on premise. This is the last mile in Cloud Computing, Support & Maintenance where even Microsoft with its Partner Ecosystem is struggling to produce a consistent deliverable.

Advertisements