In the 5th Cloud World Forum, that took place a couple days ago in London, I visited the Executive Forum sections. Corporate executives and senior management discussed different Cloud Computing related problems. Also, many came there not to share how to work with Cloud but looking for an answer to why to do it at all.
There was a noticeable shift in the focus of CIOs and Senior Managers in an area of major concerns regarding Cloud. Guess where this shift moves to from security... The concern #1 now is business compliance with both consumers' internal policies and industry regulations. This is not a new wave however; I noticed this trend a year ago and even wrote a multi-point checklist to help consumers when contracting Cloud. It seems that now this non-technical problem of compliance has reached the surface and superseded technical issues in the eyes of decision makers.
This problem has roots in two facts: 1) many of Cloud consumers operate in the highly regulated industries (like Healthcare, Banking, Telco) while Cloud providers are not obliged to recognise these and other regulations; 2) Cloud is thought as a provider of technology capabilities being agnostic to the business domains. Apparently, domain regulations can limit technical capabilities or become contradictive and very difficult to implement.
The last and this year appear as a storm of regulations in finance (world-wide) and other areas. This storm has started to tough not the companies/institutions only but the executives personally (in some cases the executives risk to be imprisoned for not providing compliance with some regulations). This can change an environment for Cloud dramatically. I've heard opinions like "... if Cloud does not respect and cooperate in compliance, my company will not go with Cloud at all despite all financial benefits they promise".
The compliance and similar non-technical problems have been observed in my publications since 2009. Unfortunately, solutions for tough technical problems such as performances, connectivity throughput and security are not real game players. CIOs believe that it is just a matter of time for technology to resolve all these technology challenges but personalisation of the consumer needs and compliance (and alike) shot right into the Cloud's economy of scale, into abstraction from business (abstraction of business domains).
This leads to another point I made in my book : to be competitive in a dynamic marker (full of compliance requirements that change as a storm), technology has to be merged back with business under the business supervision. Instead, Cloud does whatever possible to separate them.
We know that an implementation of regulations is costly and, usually, profitless. The positive factor, however, is that consumers are more inclined to deal with the provider who is compliant with the same regulations that the consumer does. Nonetheless, the majority of regulations aim an individual transparency and visibility into internal activities of institutions, which contradicts the basis of the economy of scale in the Cloud - ability to operate with anonymous units or work. A year ago, at one of the Cloud Forums organised by OVUM, IT leaders shared their experience in dealing with a global outage in Internet with regard to Cloud; it appeared that when consumers requested Cloud providers to supply a Disaster Recovery to protect from such outage cases, they found that the cost of the Cloud services practically 'swallowed' all financial benefits from the use of Cloud in their companies.
Overall, we have a technology movement that a) promises economic benefits but has many difficult business issues to resolve to go forward, and b) raises concerns that when and if these issues are resolved, the economic attractiveness (as a global measure of the movement's effectiveness) becomes questionable and uncertain. If Cloud providers do not resolve this puzzle soon, they risk to "jumping" into the same "bang-wagon" with offshore outsourcing. Serious businesses that survived this obsession have returned or are in the process of returning their assets under the company supervision.
I am not saying that Cloud is a dead-end. There is a large society of consumers who cannot afford appropriate compliance and personalisation of technology capabilities to its individual needs. They are left to take a risk. It's more likely they will go forward with Public Cloud for the purpose of financial savings but this will become a specific SME market. Others - medium-sized and large businesses - will need to target Private Cloud for its potential (negotiable) transparency or internal visibility.
As it seems today, only IaaS has potentials to protect corporate IT from a dramatic transformation. Those IT who passed through SaaS and PaaS and returned back under the corporate roof, will likely face a new organisational and operational model. This model might comprise separate IT teams split over the BUs under the business management while a small set of technologies (like archives, e-mail, PC Support and alike) will remain centralised and shared.
The focus of these IT teams will be on the brokering between different domain-specific Cloud providers. Such brokering is about integration and balancing between different Cloud providers who agree to be in line with the specific business needs of their consumers.