I was catching up on Twitter posts while enjoying the Australian Open and came across this:
eekygeeky RT @cloudbzz : Quick Poll - What makes something an "Enterprise Cloud?" <~ enterprises use it?
This is a topic I’ve spent much time discussing with our customers who certainly fall in the “enterprise” bucket. So here is my take (sorry Twitterati, 140 characters didn’t cut it!)
Lets start at the beginning and talk about how Enterprises want to pay for cloud. While individuals/developers/2.0’s are more than happy to swipe a credit card and buy virtual machines, this doesn’t help your average Enterprise CFO. They require more documentation, control, and accountability for using the company’s financial resources. It would be very interesting to see a public company go through its SOX review and discuss how its infrastructure maps to this line item on the IT Managers credit card. Who gets the points? :-)
Who will use the cloud? Cloud services assume one person makes all the cloud provisioning and purchasing decisions. That’s not the case in enterprises. Checks and balances, functional responsibility, approval chains, and change control boards, etc. are the reality. Having one person with an ecommerce account they purchased a book with, isn’t good enough. What is required are roles that can have permissions assigned, and for bonus points, delegate permissions. That’s not to say “pay per drink” models are not what enterprises want, they just want to have them delivered via familiar fiscal terms and contracts. Programmatically managing a cloud doesn’t remove the burden of responsibility, it changes it. API-centric approaches need to take this into account.
Speaking of contracts. A click -through a developer accepts during provisioning or signup, isn’t sufficient for an enterprise’s IT department. Therefore putting T&C’s in place to protect the enterprise is essential. As such, you can expect redlines and tweaks to meet requirements for service even if its delivered virtually.
So who’s watching the farm? Enterprises are used to hosting/outsourcing infrastructure, and when they do, they expect a certain level of service that includes being able to reach someone responsible for the infrastructure 24×7. Along with being able to reach someone they also want SLA’s on the responsiveness to resolving issues. Many of the enterprise RFP’s we respond to now want to go one step further and ask for the framework being used to manage the infrastructure. We elected ITIL and most recently moved to its latest revision.
And then there are certifications. SAS70 Type 2 is the “must-have” certification for all hosting companies. It’s basically a definition of a set of controls and an auditor’s review and opinion on those controls. A control could be as simple as “we lock the datacenter door” which an auditor could review and pass. Sharing these controls is something enterprises often demand. Without knowing what the controls are, it’s very hard to judge how effective the policy is. Very few cloud providers offer this level of transparency. More so, we are now seeing other standards to make inroads; a good example is ISO27001 which is really starting to get some attention with its security focus.
Finally, cloud on-boarding is something enterprises are coming to expect. Having great API’s and web UI’s, etc. is fine but when it comes to moving applications and data to the cloud, enterprises are looking for consulting and professional services — helping understand what should move and what should remain on dedicated infrastructure, understanding the ROI, potential savings, building a migration strategy, developing a DR plan – there are all key items an enterprise looks for when embracing the cloud.
Check out the follow-up post on enterprsie cloud technology.