A couple of important considerations for interoperability are the application and data.  Specifically:

Data – not only do we have to discuss application portability, but also have to port the data. you may have noticed it is easy to import, but hard to export. The data world is very “sticky”. One of the biggest issues the US government is having with adopting Google apps – They want to know the format of the data, so if they ever decide to migrate away from google apps, they can do it.  One possibility is have multiple copies of the data.

Application – the application that uses the API’s of the cloud provider has to seamlessly migrate to new chosen one. For anybody that has taken a look at the API of a couple of providers, you will notice that there is no significant overlap!! The providers built their API’s based on use cases and for now believe that they are going after different use cases/audiences. Even if this converges, it will be very hard to get the cloud providers to collaborate on a standard API. Standards have the ‘potential’ of further commoditizing their business, which already has low margins. One possible approach would be for the industry to accept a defacto standard.  But for that to happen, the providers have to start believing that they are going after the same use case/audience.  Another possible approach is to have a standards body define a standard. this one is harder, because if multiple vendors drive it then the standard become complex as it has to solve corner cases across the multiple targeted use cases – just as in the WS* standards process.

One possible approach is focus on small slices like cloud security appliance with security. We at Sonoa are hoping the CSA with its customer centric approach might pave the way.

This is a real issue, that needs to be worked on. thoughts/suggestions welcomed.

Michael Healey recently wrote “8 questions to ask before going live in the cloud“. Good read. We see customers going through this  general thought process:

• what is the business driver (generally time to market or costs) ?
• what is the ‘pilot’ application (new application are easier)
• select team, infrastructure/platform provider.
• focus on the security/compliance/visibility
• deliver project
• measure ROI (generally not required, as it is obvious)
• move to mission critical application

Most enterprise cloud applications are being driven by business/IT folks are focused on helping their business counterparts on time to market. it is important to approach w/ caution, but try to jump in fast…the water feels fine after you are in . No big bang approach about replacing data centers etc., just start with baby steps.

- 50% of all folks interviewed (enterprises with more than $1B in revenue) are doing cloud computing
- 66% of those do not have a security strategy
- RSA has put together a “Security for Business Innovation” council comprised of 10 security executives chosen by RSA.

Kudos to RSA for taking a customer centric approach. There is a shift happening in enterprise computing, it is becoming Web centric. The Web has been very successful in creating de facto standards without formal standard bodies, hopefully we have learned from it. Much like the Web, cloud computing adoption will have a life of it is own. Instead of trying to control it, lets guide it.

Security is a problem for IT departments that we keep hearing about again and again – Ogren’s is an interesting and practical take on the issue. Forrester created a checklist of security requirements for any company hosting/opening APIs via the cloud. It’s crucial to execute “due diligence” and upkeep with cloud infrastructure in order to ensure security.

Another big benefit to enterprise cloud adoption will be a survival of the fittest among business – you really do need to start the move to the cloud to stay a viable business in today’s climate where the slightest edge means everything.

The operational and business consultant sides of the CIO won’t necessarily separate as Gray indicates. Yes, a lot of operational aspects are handled for you when you move to the cloud, but there is still very real work to be done in maintaining security and control in the cloud that is directly related to C-level business efforts. No doubt we’ll see the position of the CIO evolve, but the role is still vital to business & IT operations.

- Customers think of information technology as a means to an end.
- When they are making IT related decisions (technology and vendor) they are generally making them for the long term.
- Technology decisions are based on many issues like skill availability, how it fits into the technology, standards – portability as it related to standards.
- Vendor decisions are also based on many issues like track record, area of focus/expertise etc. Leverage is also on the list. Portability helps with issue.

At the end of the day, customers are looking for standards based technology that they can work with vendors to implement. Standards not only help them with technology related issues, but also leverage with vendors.

Let me start by saying every customer that I have talked to in the past 12 months says – that they will be going with a hybrid approach – combination of public and private clouds. The following are few things to think about before you decide on how you want to proceed.

- Type of enterprise – if you are a Web-based business, then public cloud is a no brainer. Regulated industries like insurance and now financial services will have a tougher time to go only w/ public clouds. So you might start with a VMware-based private cloud offering and then as you decide to use or expose APIs/services to customers/partners or your compute cycles for a point project are exponentially high, you might opt for adding the public cloud to your strategy.

- Use case – what you are doing will define how you do it. If the data is very sensitive and cannot leave the firewall, then you might decide to start with the private cloud. Just remember that is what people said about sales/forecast data. Salesforce.com is thousands of customers and their data seems pretty secure. Nevertheless, security of the data will be important criteria in deciding the private vs. public discussion.

- Cloud provider type – self services (l EC2, Google) or high touch (Rackspace, Sunguard, etc.). This is mostly about how you would like to access services. High touch has its benefits, but is also expensive. Over a LONG period of time the lines will blur, but at least for the next decade the difference in approach will be stark.

- Control – this goes back to the use case discussion above. Enterprises will want visibility and control. Granular control on things like authentication, authorization, data masking, etc. As with much of the Web/cloud approach, it has to be simple and has got to scale.

Now for the controversial part. Much has been said about the Google outage. Recently blogged about it here. Rob Enderle recently used the Google outage to assert that private cloud models will win over public cloud models. Even though he makes good points, it is not what our customers are telling us.. This is not an either or discussion. Enterprise customers will do both.