Cutting through the hype over cloud-based services

The last few years have seen the telecom sector enchanted and stoked by sexy new opportunities emerging from the IT side of the aisle. In 2007 it was Web 2.0. In 2008, it was Apple's App Store. For 2009, it's got to be the cloud.

From every tech blog you can name to the cover of the Economist, cloud computing and cloud-based services (also called software as a service, or SaaS) have caught the eye of enterprises and analysts. The basic premise - run and store your applications and content on network servers rather than your end-device, and utilize extra processing power off the network while you're at it - on paper sounds win-win for everyone. Enterprises benefit from outsourcing the cost and complexity of IT networking, and save a bundle on software licensing fees. In particular, start-ups that need to get their internal IT system up and running quickly can do so for a monthly fee. Consumers get the benefit of better organizational tools (think photo-hosting services like Flickr) and automatic backup of files that can be accessed from any device. Put another way, storing your stuff in the cloud means you don't lose it forever if your laptop explodes.

On the downside, trusting your data to the cloud isn't without risk. Some of them - such as privacy implications (like Facebook's controversial marketing program that allowed advertisers to mine user info for targeted ads) and technological lock-in (where changing service providers could mean leaving your data behind) - have yet to be fully addressed.

Then there's the recent debacle with T-Mobile's Sidekick service amply illustrated. Most of the cloud-stored data on outsourced servers run by Danger (a subsidiary of Microsoft) disappeared instantly, and even though T-Mobile and Microsoft were able to recover the majority of the data, some of it was lost forever. Either way, it's the former headline that everyone will remember when service providers come forward to pitch similar offerings.

And that's just one challenge of many that operators face as they set their sights on the cloud.

Everything old is new again

For a start, there's some confusion over just what counts as a cloud-based service.

Ironically, part of the buzz over the cloud stems from the realization that much of what counts as SaaS - as well as similar cloudy acronyms for platforms (PaaS) and infrastructure (IaaS) - has actually been around for some time (as far back as the pre-PC days of timesharing and VAX terminals, if one wants to be technical). Webmail is the obvious example, but also Flickr, YouTube and most social networking sites, as well as newer manifestations like Google Apps and Amazon's cloud services.

In fact, in many cases, cloud-based services are old ideas with new acronyms, says Miguel Carrero director of the service delivery infrastructure and applications domain for the Communications and Media Solutions business unit of HP.

"When you break through the nomenclatures, these are elements that have been coming into fruition slowly but surely over the last five to ten years," Carrero says. "If you remember the concept of ASPs [application service providers] in the late 90s, the underlying technologies and elements for cloud computing are different now but the basic concept is similar."

The problem with rebranding old ideas with a "cloud" moniker, however, is that it makes it all too easy for companies to jump on the hype bandwagon without fully understanding the basic concept, says Michael Harries, director of technology strategy and communications for the CTO office (and Citrix Labs) at Citrix Systems.

"Cloud is a broad range of things but we're using the same term for all of them, so people are hearing the term 'cloud' from 40 different directions, and everyone you talk to has a different definition," says Harries. "You talk to financial people and they say 'I love the cloud', but you drill down and they mean everything on the web."

Also, the catch-all term "cloud-based services" can actually be broken down into a number of categories, according to Citrix: virtualization (virtual servers, storage, networks), resource management (multi-tenancy, usage monitoring, optimizing across the farm), application management (which components work, how they need to interact, availability and performance) and access & automation (role-based access control, self service and admin portal, policy based automation).

Web-based world

On the bright side, it's that legacy element to cloud-based services that's partly responsible for driving new interest now that certain types of services that have been around for years are now mature and field-proven, says Carrero.

"Technology wise, elements like multi-tenancy and web services have matured enough to run them effectively," he says.
There are newer factors in play as well, such as bandwidth levels, he adds. "Look at connectivity in the late 90s compared to today, and it's significantly different."

Another factor is that thanks to broadband access and Web 2.0 apps, consumers and business users alike use the web far differently than they did ten years ago. "Things like Facebook, uploading pictures, weren't there in late 90s. Now we're almost dependent on the web for these services."

Harries of Citrix agrees. "People are more willing now to use web-based services. Half the population now has at least a web-based email account. We have enterprise customers that are treating their whole Windows desktop as a killer cloud app that they want from a service provider."

Enterprises are also becoming more comfortable with the idea of outsourcing certain types of software functionality, from desktops to vertical apps like, he adds, though they're still just getting their toes wet with services like virtual servers and IaaS.

"A lot of people are out there at the moment kicking the tires and using IaaS as a way of dealing with burst demand, but while IaaS is an important shift and available to IT, it's still relatively underbaked for now," Harries says.

Assembling the ecosystem

Despite all the progress and interest, however, it's still unclear just what telecom operators will get out of cloud-based services (see "Carriers brace for cloud computing", previous page).

One of the top challenges telcos face in breaking into the cloud business is establishing the end-to-end ecosystem needed to truly support it, says Carrero.

"The telco not only has to be able to deliver the technology, but sell and support it," he says. "When an operator delivers a service, there's a value chain behind it - from the front end to contact centers, IVR and so on. If you're going to do, say, ERP as a service, someone has to be able to have a dialogue with that enterprise to see how the service delivering that software matches the business processes that they have, and you need particular expertise."

That doesn't mean telcos have to do everything themselves, but they do have to realize their limitations and partner wisely to assemble that ecosystem.

An even bigger challenge, however, is ensuring availability. Carriers with managed services portfolios are well versed in SLAs, but those usually revolve around technical things like bit rates and dropped packets. SLAs at the application level are much harder to guarantee, which means carriers have to be prepared to pick and choose which services get priority, says Harries.

"For example, what we see in the public clouds and SaaS for consumers is free services and best-effort, or you'll get a rock-bottom price on a virtual server and it's available most of the time but when it's not, well you get what you pay for," he says. "Or you can either guarantee that the data center will be there and your service will be running, but only specific apps that you have full control over will be always running."

This also requires telcos to provide realistic expectations to cloud customers, adds Carrero.

"It's better to use pragmatic comparisons of what you're doing today for that model of service vs another. 'Here's what I'm offering vs what you have.' If you want to offer 100% availability for everyone, it's doable - but it's more expensive."

A matter of trust

Still, that's a tall order when selling a service that ostensibly asks customers to trust you with their data. And trust is at the core of cloud-based services. The Sidekick scare demonstrated in no uncertain terms how that can go wrong. Sidekick customers trusted T-Mobile to keep their data safe, and T-Mobile trusted Danger to do just that.

Of course, the trust issue - like the cloud - is nothing new. As Bruce Schneier, CTO of BT Counterpane Systems, pointed out in an essay in June, the entire IT security chain is based on trusting every element from the chip maker and the OS vendor to the ISP to keep your computer and everything on it safe.

"SaaS moves the trust boundary out one step further - you now have to also trust your software service vendors - but it doesn't fundamentally change anything," Schneier wrote. "It's just another vendor we need to trust."

That said, the difference is that the customer ends up relying completely on the service provider not only to secure everything from the usual malware, but also to run their business responsibly. And, adds Schneier, there are plenty of unknowns regarding the fate of your data if, say, the cloud services provider goes out of business or gets sold to your rival.

All of which, says Harries, brings the focus for telcos back to the ability to deliver what they promise - without overpromising.
"Consumers have learned to trust services like Gmail over the years, but for enterprises it's a harder thing to ask when you rely on security and reliability, especially with recent outages which make it clear to enterprises that this is not a silver bullet," Harries says. "Enterprises need to feel a level of comfort  that they can get to that SaaS offering, they can get that application delivered to them or they can get to their Windows desktop when they need it."