IT professionals worry about the performance, security and reliability of cloud computing.
But the biggest barrier is the inability of cloud computing providers to deal with the corporate supply contracts demanded by big business, says Stuart Curley, chief technology architect at Royal Mail.
Curley, who will be speaking on an expert panel at the Cloud Computing World Forum on 29 June, says that many of the worries IT professionals have about the cloud are in reality "paper tigers".
"If you look at most cloud computing solutions they are a lot more secure that your internal systems. The performance and availability of cloud services we have looked at are better than the performance and availability we can offer internally," he said.
The real problem is finding cloud computing suppliers that are set up to work with the commercial contracts demanded by businesses.
"If you want to use Amazon, you have to have a credit card. Well, the Royal Mail does not give me a credit card to buy IT," Curley said.
Similarly, Microsoft offers cloud services on a pay per click basis, which is not suitable mechanism for a large enterprise, he said.
Royal Mail is working with systems integrators, which act as a middle-man between Royal Mail and the cloud provider.
But even this is fraught with difficulties. Most systems integrators are not geared up to dealing with pay-per use contracts, Curley said.
"When you go through a systems integrator, they want guaranteed revenue. Their service model does not fit an on-demand model. They usually want the capital expenditure paid up-front by the customer. We are saying no, if this is an on-demand model, we want to pay as an on-demand model."
Royal Mail is working with CSC and Cap Gemini, which have been able to adjust to the cloud model. Systems integrators that were less flexible simply didn't get the contract, said Curley.
The cloud hard-sell
But putting the business case together internally can also be tricky. Businesses are used to funding projects with fixed rather than variable costs, which can make cloud projects a difficult sell to the board.
"You have work closely with your internal business, your own finance department and the board of directors, so that they understand the benefits of an on-demand business case," he said. "You have to give them confidence."
Simon Walker, founder of Foundation IT, which provides IT consulting services, said that IT departments will need to understand their own internal costs much more clearly than they do now, as they start to weigh up the benefits of cloud services.
"The definition of cloud is so large, you are going to have to create you own interpretation, " he said. "Understand what it means to your business and have a plan."
He argued that organisations will need to re-think their approach to security as they move into the cloud.
"The world is different when you operate in the cloud. You have to think that the world is naturally antagonistic. Your data was always in a hostile environment, but now the cloud has made that increasingly clear."
IT departments should think about protecting data at the data-level, rather than at the perimeter of a network, Seccombe said. And he predicted that they will increasingly turn to independent verification services to check that people are who they say they are before they are allowed access to data.
The systems to enable this approach are still in future. But Seccombe pointed to work by pharmaceutical company Eli Lilly, which demonstrates the approach.
The firm created a series of medical websites in Germany. Under German law, Eli Lilly had to ensure the sites could only be accessed by doctors.
"The idea of Eli Lilly keeping a list of doctors and all the other pharmaceutical companies doing the same was ludicrous. We needed a third party to do that checking for us."
The result was DocCheck, a third-party service that checks that doctors accessing pharmaceutical sites are genuine doctors.
Marc Wilkinson, director of cloud practice at HP, advises organisations to keep business-critical services in-house, where they can use IT to gain a competitive advantage, and manage the security of their own systems.
"You need to understand what your servicing strategy is, what services are your key differentiator," he said.
Nevertheless, IT departments can't afford to ignore the cloud. If they do, they risk losing control of the IT assets in their organisation.
"If I get a call from sales in IT, and I am not able to deal with their request quickly, it's easy for them to go to a cloud provider and buy the service on a credit card. It takes IT right out of the equation," Wilkinson said.
And the cloud will force IT departments to raise their game, he said.
"If you are a developer and you can get your credit card out and buy storage for data and computing power in five minutes, waiting two or three months for IT to provide a server is not realistic."
"Cloud computing is an opportunity for IT, but it's like a train and it's coming at you very quickly," he warned.
Royal Mail goes into the cloud
Royal Mail signed a major contract with CSC in November. The Connect 2010 project aims to provide 33,000 staff with Microsoft's Business Productivity Online Suite (BPOS), part of Microsoft Online Services.
The project will provide staff with access to the latest Microsoft Online Services including Microsoft Exchange Online, Microsoft Sharepoint Online, Microsoft Office Communications Online and Microsoft Office Live Meeting.
It took Royal Mail a year to design the contracts but the deal means that Royal Mail is able to deal directly with CSC, rather than the cloud computing provider.
Royal Mail signed another major cloud contract with Cap Gemini earlier this month. The project aims to move about 120 applications from Royal Mail's e-business platform into the cloud by 2011.
- Stuart Curley, Adrian Seccombe, Marc Wilkinson and Simon Walker are speaking at the Cloud Computing World Forum in Olympia, London, 29 June 2010.