- Cloud buyers and suppliers on their first date
- Cultural shift for public sector IT
- Demand for common standards
- Risk aversion and opportunity cost
- Cloud security concerns go unaddressed
- What customers want from cloud suppliers
- What suppliers want from customers
- Barriers to cloud computing
IT departments and suppliers have a long way to go before they understand each other on cloud computing.
That was the conclusion when IT practitioners and suppliers met at London law firm DLA Piper to discuss the barriers to cloud.
In the words of Mark O'Conor, partner at London law firm, suppliers and buyers are like a tentative couple out on a first date.
"It feels like we are at odds," he says. "Each side is looking to the other and both sides are waiting for each other to take a step forward."
Cloud computing - which offers IT departments the potential to buy in IT services as a commodity when they need them - has become one of the hottest, most hyped and perhaps most confusing topics in IT.
Sign-up to Computer Weekly to download the latest resources on cloud computing
- The online challenge to business: Cloud computing >>
- Cloud computing: large organisations give their verdict >>
- A practical guide to identifying the potential of the cloud in your environment >>
Although opinions still differ over what exactly the cloud is, it is clear the market for cloud services is booming. According to analyst firm Gartner, cloud services will grow from $89.4bn in 2011 to $176.8bn by 2015.
Most CIOs are no longer sceptical about the cloud, IT professionals at the meeting agreed. Yet moving IT services into the cloud is easier says than done. The problems are particularly acute in the public sector.
Public bodies are so locked into working with established systems integrators and IT systems, moving to the cloud requires a major cultural change, the group heard.
Christine Blake, a public sector procurement specialist, told the group that government departments will need a different mindset, if they are going to take up cloud services.
It will mean organisations will have to accept that they can work effectively with-off-the shelf IT services, rather than heavily customised systems.
"We each think our own government department is really different and specialised. But in reality we all buy the same stuff, and the differences between us are marginal," Christine Blake says.
It is not easy for public bodies to move quickly into the cloud, however, as most have invested heavily in developing in-house IT systems.
"It's organisational latency," says Steve Mordey, ICT sourcing manager, at the Department of Health. "I have a net book value of £10m in hardware I just have to sweat. I can't write it off."
"There are tens of years and multi-millions of investment in doing things a certain way. One of our barriers is that it takes time for the public sector to evolve. And we are evolving in a marketplace that is still evolving," says one delegate.
Government procurement regulations mean the public sector usually has no choice but to move slowly, says Steve Mordey.
"Having to go through long-winded and draconian mechanisms to appoint a player gives us a major headache," Mordey explains.
Small IT suppliers in particular find it impossible to negotiate the complexities of government procurement contracts. One public sector IT supplier that had made progress in this area, Erudine, was forced out of business, following a dispute with an overseas government customer over unpaid bills.
End users at the meeting agreed that what they most wanted from IT suppliers was a commitment to quality service.
They need suppliers that can meet service level agreements, without having to drill down into the technical specifications of the service, says Frank Falcon, IT architect at Colt Technology services.
And they want the ability to be able to switch contracts from one cloud computing service provider to another, simply and without fuss.
Nicky Stewart is programme director for government technology at SCC, and former head of ITC strategic delivery at the Office of Government Commerce.
"I see cloud deals entirely in commercial terms. I don't care about technology," Nicky Stewart says. "I don't want to be locked in. I want the ability to switch."
But users need to accept more off-the-shelf cloud services to gain flexibility, rather than using customised systems.
"It we start going down the bespoke route, we lose switchability," says Mordey. "A lot of cost comes in when we add bells and whistles. As soon as you start adding requirements, you lose flexibility."
Cloud computing is still a long way from having a common set of standards that makes switching suppliers practical.
It is analogous to beginnings of the electricity industry, when different electricity services ran on different voltages and different frequencies, says Falcon.
"A lot of customers think cloud services are portable. They have swallowed hook, line and sinker that you can just plug in the wall," he says. "We are nowhere near that in cloud."
In the public sector, the fear of negative publicity can act as a deterrent to adopting new services. Switching from one contract to another can be seen by the press as an admission of failure, delegates told the meeting.
"A lot of what we do is ask what the Daily Mail would think," says Christine Blake. "How would this look if we had buy out of this deal? It's about public scrutiny."
"I don't think we are good enough at sharing information with our suppliers," Blake says. "I have been in meetings with suppliers and the one thing my CEO wants is to avoid negative publicity, and that moves things along."
Ben Whur, a former government programme director, agreed. "We in the public sector have got to take on more risk than we do. We often end up paying for risks that were not there," he says
"Some of that comes from taking a generalised view of everything," says Rhys Sharp CTO at SCC. "The government defaults to a lower risk item and applies that across everything."
Yet suppliers often don't appreciate the security concerns IT departments have about cloud.
It is a subject that frequently goes unmentioned during sales pitches, says Phillipa Spark, consultancy manager at Lloyds Banking Group.
"I have had presentations with suppliers where they have not mentioned data protection or security," Phillipa Spark says. "They would do well to make it a point of difference and be up front about it."
"It's a matter of understanding the risk, " says David Marshall, enterprise architect at Pfizer. "The organisation retains accountability for the risks and part of the barrier is understanding the indemnities it needs."
For their part, suppliers said in many cases customers do not understand what they are buying when they move into the cloud.
"Businesses don't understand the differences between cloud services and outsourcing - don't give me your standard outsourcing contract because it's a waste of time," one delegate told the meeting.
And some customers seem to have an ideological objection to handing their data over to third parties, the meeting heard.
Suppliers are simply not capable of jumping through every security hoop every customer asks, says one delegate.
It is clear from exchanges like these that suppliers and customers still have some way to go before they see eye-to-eye on cloud.
"Suppliers are saying I wish customers understood and customers are saying I wish suppliers understood. We have not even begun to get into regulatory requirements," says Mark O'Conor. "They have moved apart. We now need to turn those ships back towards each other."
- Flexible cloud services that make it easy to change suppliers.
- Suppliers capable of meeting service level agreements without end users having to specify every technical detail.
- Suppliers that will address the issue of data security and data loss up-front.
- An understanding of regulatory issues businesses face, and a more realistic view on liabilities and indemnities.
- Willingness in principle to hand data over to third parties
- The ability for small suppliers to compete for government contracts
- Customers that understand supplier's standard approach to security, rather than each customer forcing suppliers to jump through different security hoops.
- Cultural barriers - a tendency for organisations to think they need customised services that aren't available in the cloud
- Procurement regulations in the public sector make it difficult and time-consuming to sign cloud contracts
- Data protection regulations make it difficult for organisations in some jurisdictions to put data in the cloud
- Users don't know what they are buying with cloud services. They often confuse cloud services for outsourcing, or think they are buying bespoke software when they are buying standard services
- Organisations are locked into existing technology and contracts. It takes time to move into cloud.
- The fear of bad publicity if a cloud contract does not work out.