Cloud: The New Normal or Not

“If you use a shared environment for your user applications, you’re in the cloud”, says Leen Ten Haaf, former CIO at Indaver. “You gain flexibility, scalability and it is often cheaper, but you also have to accept the standards that are offered to you.” “Not necessarily so”, says Betty Bogaert, CIO at Recticel. “We have adopted Ariba’s supplier management solution a while ago. It is in their cloud, but we have fully customized it to our needs.” “And how does private cloud computing differ from a mere managed service?” Erwin Verstraelen asks.
Let’s look at Gartner’s definition of cloud computing: A style of computing where scalable and elastic IT related capabilities are provided as a service to customer using Internet. “Because of the scalability it is often cheaper”, says Edwin Maaskant, VP at Gartner. “Cloud was initially created as a financial trick: the data centre provider did a large hardware investment and customers paid for their box on a monthly basis. Virtualization didn’t even exist in those days. Today you can scale more easily and perhaps it’s that economy of scale that defines cloud best.”
“I agree”, says Peter Vermeylen, IT Director Europe at Graphic Packaging International. “But there are different levels to that scalability. When you need a platform for 2000 users for a period of two years, you’ll have an interesting price in the cloud. If you need the same platform but with an undefined scalability, you’ll get a totally different price tag. Contractual scalability is fiction.”

Challenges

For every advantage, there’s also a challenge: who owns the data, where’s the data stored, who manages it? Google doesn’t tell you where data are stored, local providers like Cegeka have their datacenters in Belgium, so you know. Even if their infrastructure contains virtualized machines with boxes that move around continuously. “The line between public and private is very thin”, Erwin believes.

Agfa’s Freddy Van den Wyngaert confirms: “We could use software development environments in the cloud for the applications that we commercialize. But this is about our intellectual property, so we keep it internally and create a development platform internally, in the cloud. We don’t want to put our IP for grabs.” Betty Bogaert adds: “We CIOs have concerns with data loss prevention and recovery, but our colleagues at Legal have more issues with liability in case of data loss or theft.”

Security audits

Bart De Preter from Cegeka says his employer needs to be compliant with the security policies of its customers and that they have to accept audits, as financial customers need to submit reports to governance bodies like FSMA. Edwin Maaskant: “It is sometimes quite peculiar. A large pharmaceutical company refused to migrate its e-mail management system to the cloud, because of confidentiality and criticality, but has no problems with the use of cloud computing to manage clinical trials.”

“Sometimes we are too conservative. Yes, you’ll get hacked one day and you need to be careful. But we have also outsourced our wide area network, haven’t we? And Angela Merkel’s phone was tapped, but do we call any less?”, asks Erwin Verstraelen. “Data is not per se safer in house. You know, managing servers won’t get you any applause. We need to ask ourselves if classic IT tasks are still to be performed by the in house IT department. Shouldn’t it be more concerned with strategic projects, problem and incident management, and so on.”

Integration with other applications

Another barrier for cloud is integration with on premise applications. If you don’t want to register data twice or more in your systems, you’ll have to build interfaces, and manage them as they need adjusting for every cloud software upgrade. Your ERP often doesn’t contain all the data, it can have up to ten or more applications swarming around it. That layer requires integration and agility.

That is precisely the reason why a large Cegeka customer decided not to go through with its Office 365 ambitions. Bart De Preter: “This was a Lotus Notes customer. As it is often the case, they had a lot of native Lotus Notes applications integrating with the e-mail client. Even if these required a lot of storage and switching capacity, the integration was too important to abandon Notes for Office365. They would have replaced Notes immediately if it had been for e-mail only, but in the end, there was no business case to give up their application architecture and move to the cloud.”

Another Cegeka customer did decide to move to Office 365. “But not before defining a very clear scope”, De Preter says. “Frequent users got standard Office 365 licenses, occasional e-mail users received kiosk and web clients. Thanks to that clear choice, they were able to save a lot and add external managed services to manage the mailboxes. Of course they had to let go a few Outlook plugins. You have to make choices or you don’t have a business case. Flexibility and cost savings can go hand in hand but they can also be conflicting.”
Security and integration are concerns, but we have definitely chosen the road to the cloud. In 1994, the CEO of a Belgian bank stated that the internet was potentially interesting for marketing campaigns, but that the bank would never do transactions online. In ten years’ time it will be the other way around. Cloud will be normal and we’ll have to prove to the business why we CIOs absolutely need to host their project on premise. Cloud is or will be part of the new way of working.

CASE STORY: A difficult cloud roadmap

Agfa Healthcare software is used throughout Europe for care centers/hospitals to manage electronic patient records. Customers can rely on an Agfa’s service desk to resolve issues with their software or perform upgrades. “In the past, we used SAP CRM 5.0 for IT service management. That was a slow and cumbersome system and the user interface wasn’t very intuitive. We migrated to the better version 7.0, but the damage was done. Users wanted a new application and provider. We decided to migrate to the cloud application ServiceNow: they offer a lot of functionality and ‘everything of ITIL was possible’. The demo was very promising, and there was a full back-up scenario to guarantee 24/7 availability as hospitals never stop working.”
It was the start of a difficult roadmap, says Freddy Van den Wyngaert. “We had also to program more than 200 alterations to the standard out of the box application to accommodate the additional business user needs, and encountered a privacy issue with patient data registered in the incident management process in Germany. It pushed back the launch in Germany with another six months. Today, we are behind our initial schedule and have exceeded our budget. I had to put it to the Executive Committee level, where we decided to bite the bullet for the time being.”

Lessons learned

Freddy has a few lessons to share: “First of all, we never asked our customers if they wanted to work with an IT service management system in the cloud. Two: the contract negotiation with ServiceNow about exit strategies and SLA breaches amongst others, cost too much time and effort because of development from scratch. Three: cloud or not, we don’t pay per user or ‘for the use of the software’. Internal users who do not use the system for six months still receive a monthly charge. Lesson 4: our provider was very proud of his response times, but they measure it just outside their data centre, not on your curb or better, your pc. If you decide to outsource, you want quality of service and measure E2E. On a side note: large public clouds are now integrating with MPLS networks. That would give you speed, but you’re also in your own security perimeter. It becomes easier to create a hybrid data centre then and you have correct E2E response time measures.”

CLOUD SERVICE PROVISION IN EUROPE

Why is Europe lagging behind (the US) with regard to cloud adoption? How can we develop the cloud industry and create jobs in Europe? The European commission decided to investigate this and asked Gartner to perform an audit.

Gartner analysed the contracts of 75 cloud providers to find the differences in contract terms. “We need to lower the barrier”, says Edwin Maaskant. “If you have the same contract terms and service levels, it becomes easier to choose a provider that fits your needs and the step towards the cloud will be easier as well.

The final proposition comprises three elements:

1. A terms of service checklist: can I adapt my application, what about data retention, what about security, what demands can you impose on the cloud provider, what are his responsibilities with regard to business continuity and data recovery?
2. Service level agreement provisions: what penalties or quantitative and qualitative conditions do we have to foresee? And what do we mean by outage, availability, RTO, RPO, incident resolution, and so on.
3. A cloud toolkit: Gartner has built a toolkit that allows users to compare providers. Large companies often ask one of the big four to analyze all security risks, service levels and hidden costs, but that’s not always possible for SMEs. The toolkit will allow them to do it themselves.

The evolution to the cloud is the same as the first generation of outsourcing ten years ago. The ingredients are the same: it is about availability, data recovery, SLAs, incident resolution and so on. “There are cloud providers that don’t mirror their data, outage is always defined differently and very few providers mention how they resolve incidents. These service provisions will make cloud more mature. We have tried to normalize a few rather obscure characteristics. And maybe we need to create a trusted cloud service certificate in the future, a kind of quality label”, concludes Maas.

Dowwload a pdf version of this article