The predominant concern mentioned by CIOs examining cloud computing services is security, but cloud interoperability -- or a potential lack thereof -- among cloud computing providers, and among Infrastructure as a Service (IaaS) offerings in particular, is just as disconcerting.
IaaS is a logical first step for enterprises looking to take advantage of the cost savings and agility that cloud services promise. CIOs can provision processing, storage, networks and other resources rapidly over the Internet, while maintaining control over operating systems, applications and possibly network components, such as firewalls.
Key to their adoption of IaaS services, according to CIOs, however, is being able to move quickly and easily among vendors.
"My concern is that if I offload to one service provider and it's going to take an act of God to get me out of it -- they've got me," said Ed Bell, interim CIO for the commonwealth of Massachusetts' Senate and House of Representatives. Bell is reengineering the state legislature's intranet and public websites using Microsoft's Active Server Pages.NET platform with its SharePoint application for managing all petitions and bills that are submitted. Because the Massachusetts State House has a ready infrastructure paid for by the commonwealth, Bell is not looking to source that function out.
In his former role as a divisional CIO for the U.S. Financial Services division of ING Americas, a large financial services firm, Bell did consider the cloud for business intelligence services, and the potential for vendor lock-in. "We had outsourced infrastructure to IBM," he said. "From an application standpoint, we were looking at BI from an independent firm that was acquired by Microsoft, Fast Search & Transfer. We were very open to having them maintain our data, and were comfortable with their security. They could support their base application a whole lot better than I could."
The Open Cloud Standards Incubator within the Distributed Management Task Force (DTMF), for one, is working with several other standards groups to address cloud services interoperability and portability.
"We focused on management scenarios [in a recent cloud services white paper], such as 'how do you establish a relationship and get a contract?' and 'how do you deploy new services and monitor that?'" explained Winston Bumpus, president of the DMTF. "We know from meetings with enterprises that being able to move off [one provider] in seven days would be a huge accomplishment. [Right] now, it takes months."
The DMTF is developing cloud computing interoperability and security standards with the Open Grid Forum's Open Cloud Computing Interface working group, the Cloud Security Alliance, the Storage Networking Industry Association and the Object Management Group.
Numerous proprietary and open application programming interfaces (API) have been proposed to provide management, security and interoperability among IaaS services, including Amazon.com Inc.'s Elastic Compute Cloud API, VMware Inc.'s DMTF-submitted vCloud API, Sun Microsystems' Open Cloud API, Rackspace US Inc.'s API, and GoGrid Cloud Hosting's API. To put everyone on the same page, a standards development organization created a cloud standards wiki, where everyone can post their progress.
Market forces, consumer demand and economics eventually will pare down these standards players, analysts say; in the meantime, consumers will use a variety of interfaces to interact with cloud services. In addition, a new class of cloud service brokers probably will emerge to abstract incompatible APIs and provide a seamless interface in advance of a common cloud API, according to the Cloud Security Alliance.
My concern is that if I offload to one service provider and it's going to take an act of God to get me out of it -- they've got me.
Ed Bell, interim CIO, commonwealth of Massachusetts Senate and House of Representatives
The DMTF has made strides toward interoperability with the Open Virtualization Format, a VMware-inspired specification for packaging virtual machines from the data center into a private cloud. The DMTF ratified the OVF specification last year and hundreds of computing products have been implemented based on it, according to Bumpus. It is now in the process of becoming an American National Standards Institute and Open Systems Interconnection standard.
"The goal as we finish up the Incubator is to look at what extensions we need to make to OVF, take all these inputs and develop a common cloud API," Bumpus said.
Some industry analysts, however, see industry standards for cloud computing as pie in the sky.
"A common cloud API is way in the future, and might even be unrealistic," said James Staten, an analyst at Cambridge, Mass.-based Forrester Research Inc. He added that he does expect cloud infrastructure offerings to support such Web services as security calls, interoperability and workflow standards, however.
"The challenge I have with the standards efforts thus far is that they're too far ahead of where the market is," Staten said. "There's no compelling reason to comply; not enough enterprise users have established cloud computing initiatives."
And those enterprises that have used the cloud for strategic advantage are keeping their cards close to the vest. "Most enterprises aren't willing to talk about it," Staten said, adding that companies in the pharmaceutical, entertainment and media, and financial services industries are making the best use of the cloud today.
Let us know what you think about the story; email Laura Smith, Features Writer.