Andrea Di MaioLast week I was in a meeting with officials working for a research organization controlled by the Taiwanese government, and we had an open and frank conversation about the future of cloud in government. We went through the usual discussion about the importance of and case for building one or several private clouds, and I found something one of them said very refreshing: “there won’t be any other real cloud than the public one, so we’d better figure out how to use it”.
Governments are almost obsessed with the idea that they need to use a private cloud or a community cloud. If you ask individual departments, they say “private”, while if you ask organizations in charge for whole-of-government services, they say “community”. One thing they seem to forget is that scalability and elasticity are possible and affordable only if there is sufficient scale.
Shortly after the official launch of Office 365 by Microsoft, there has been some debate about how this service would made available in jurisdictions where Microsoft has no data centers. Over the last year or so Microsoft had suggested that there could be partner-hosted version of Office (not sure they ever meant those to be called Office 365) available as a service in those countries. One of the earliest partners to offer Office 365 (basically reselling the service hosted on the Microsoft cloud) has been Telstra, the Australian telecom company. When asked whether they plan to have their own hosted version of Office as a service for Australian clients who want their data to stay on Australian soil, they replied that they would need a least half a million clients to make it worthwhile.
Unless you are based in the US, Singapore or Ireland and few other places where all major cloud vendors have substantial infrastructure, you are unlikely to be able to lightly put personal or confidential information into the cloud. This is true for most public sector organizations but also for any other enterprise that must meet regulatory constraints on privacy and the likes.
But it may be even worse. Let’s assume your cloud provider has data centers in Europe and you feel comfortable with having data hosted there. Well, it appears that the Patriot Act may take effect also on infrastructure that US-headquartered providers have outside the US. This is clearly a matter for legal experts to clear and requires good risk management. However, regulated enterprises often tend to take the path of least resistance to compliance: it is easier to say no than taking the responsibility of assessing the risks of data hosted by a third party that may be required to hand over data and encryption keys to its government.
Now, all this has important consequences for the cloud market:
- If private clouds may not have the scale required to prove their value with respect to virtualized infrastructures,
- if government-operated community clouds suffer from the same governance problem as any other shared service endeavor
- if vendor-operated community clouds may not be readily available while vendors try to understand whether they can get enough client on-board to break even
- if public clouds cannot be used for data protection reasons
where does this leave the government cloud market?
There is a clear disconnect between market hype and client readiness. Things may change when more government organizations move to the cloud, and vendors start seriously planning for more localized infrastructures, or the EU and other concerned governments publish guidance or amendments to existing directives that either implicitly or explicitly prevent regulated organizations from leveraging cloud solutions on any significant scale.
How soon is this going to happen? Not sure, but it may take longer than many cloud evangelists and enthusiasts hope for.
Category: cloud Tags:
4 responses so far ↓
1 Martin Welsby July 12, 2011 at 4:59 am
“One thing they seem to forget is that scalability and elasticity are possible and affordable only if there is sufficient scale.”
I would disagree. If the client seeks the lowest cost service possible then the scale of public cloud is required. If the client seeks a LOWER cost of service provision then community cloud delivered by a competent provider can significantly reduce costs. Even a private cloud, meeting the most stringent security and privacy requirements, can deliver a lower cost service than is currently consumed if people, policies, procedures and standards are reused to maximum effect.
The outsourced service model has relied on this for years and cloud computing, especially in small to medium government agencies, will continue to deliver cost savings the same way.
2 John Sheridan July 12, 2011 at 5:36 pm
I think Martin raises an important point, not that Andrea has denied it. That is that cloud is a procurement not a technology choice. As in any procurement, cloud decisions need to be informed by the total cost of ownership. Accepting that increasing levels of security will cost more (in cloud, as in anything else), it may still be cheaper, in some cases, to move to the private cloud. However, for non-elastic, high base load, long term computing requirements, it may instead be cheaper to buy rather than lease.
I predict a growth in cloud cost analysis specialists, reflecting the growth in mortgage brokers a while ago when the housing finance options available to customers expanded. CIOs will need to work closely with CFOs to ensure the business bottom line reflects best practice procurement in the cloud.
NB: these are my personal opinions only.
3 The Path to the Cloud May Be Much Slower Than Many Think | Developers Blog July 19, 2011 at 1:59 pm
[...] Be Much Slower Than Many Think By RSS FEED, on July 19th, 2011 Author: Andrea Di Maio Source: Andrea DiMaio [...]
4 Greg Thomas July 20, 2011 at 3:40 pm
Andrea, I agree with several of your points. Your experience with Telstra reaffirms many of the things we heard in London a couple of weeks ago, where the government visitors repeatedly said that they could not see how to reconcile their desire to have the stability and reliability of a large, experienced vendor, with their desire to keep their data local and utilize small, local vendors. Interesting market dilemma. Perhaps someone will figure out how to “build it so they will come.”