IT and the Cloud – the 'Value Paradox'

Cloud influence on IT activity and the changing role of the IT manager.

On Paradox - “If you try to fail, and succeed, which have you done?”  ― George Carlin

I know what IT did last summer 
Since the advent of packaged software , IT staff spent a great deal of their time making software available to their internal customers.  What did that entail?

• Comparing optional vendors and offering
• Procurement – negotiating and finally purchasing the software
• Designing and customizing the solution
• Securing the hardware and installing the software – sometimes this would take months to purchase and install the servers, operating systems and the software.
• Testing the environment and the software
• Deployment and training
• Maintenance – expanding resources, upgrades, etc.

All this work revolved just around ‘keeping the lights on’, and IT was usually understaffed with tasks continually piling up.

While it was crucial to have the software up and running',  IT could not devote the necessary attention to derive more value from the application, because just making the application available exhausted what little time and resources IT had at the end of the day.

Shift of Focus
In the world of SaaS - Cloud applications – many of these tasks are becoming extinct.

Procurement is done in many organizations by the business manager, and even if IT is involved, the decision is usually made by the Line of Business manager.

Securing and installing hardware is no longer needed, and neither is installing the software and testing it.

Maintenance is usually non-existent or negligible as well as deployment.

Training is also downshifted as most SaaS applications are designed for simplicity and intuitiveness.

In the Age of Cloud, IT is shifting from Managing Software to Managing Applications - As SaaS applications take a larger share of the companies’ portfolio , IT will have less “traditional” tasks, and therefore more time to concentrate on bringing value to the business.

What value would that be?

• Performance – a better end-user-experience, understanding when and where and for whom the application is not delivering acceptable response times.
• Subscription management – save the business unnecessary expenses by ensuring the right number and level of subscriptions were purchased (e.g. don’t continue to pay for employees that have left the company, or don’t pay premium subscriptions for users that are utilizing only the basic functionality)
• Application utilization – discover usage pattern, optimize the usage, ensure that the applications are being used in the way they were meant to, point out where training may be needed. Know how the application is used, by whom, when and where from.

The Value Paradox
Herein lies the paradox - On one hand, the cloud enables IT to start focusing on the important stuff ( bringing true value to the users and aligning itself with IT), but on the other hand, because of the Cloud’s ‘cloudiness’,  IT cannot deliver the benefits since it has no visibility into what’s going on.

The CIO has a debilitating blind spot when it comes to monitoring Cloud applications. All the communication in SaaS is done between the end user and the service provider. All traffic flows between these end points without IT having any visibility of who is using what, when, from where, how and how much. 
There are a number of tools available on the market that, although not designed for this particular challenge, provide partial information on various aspects. They include SSO, Synthetic transactions, APM, License management and log analysis. 

For example, Symantec recently released O3 Gateway while Salesforce is now delivering Identity Force SSO. Both solutions may provide a limited view of some of the knowledge needed.

Each one of the solutions above can give some visibility into this dark matter, but In order to resolve the “Value Paradox”  a new generation of tools will be required and they will need to be simpler, less costly, insightful and better fitting for the SMB market.

On Blindness – The Cloud Veil

“Living is Easy with Eyes Closed” ― John Lennon

Cloud is good, but…
Perhaps the single most powerful appeal of the Cloud – the ability of business managers to circumvent IT and get immediate IT resources - is also the most problematic aspect of it.

No wonder there is still a large group of CIOs and IT directors that shudder at the thought of letting go and have the business managers, or anyone in the organization, go out and purchase these resources with a swipe of a plastic card.

The fact that IT can be bypassed by the process is really neat: It save lots of time, there is zero bureaucracy, it is probably cheaper, and it is available anytime/anywhere. The fact that there is no go-between gives the business users all these advantages but in the same time leads to a debilitating blindness.

What we can’t see
Since all communications are done between the end user and service provider, there is zero visibility on the following information:

• What Cloud resources/applications are being used by the organization? Have various business units subscribed to services without IT’s consent or knowledge?
• Who is using what and how much? Perhaps the organization is paying for many subscriptions of employees that have left the company, or simply not using the app? 
• What modules are being used? Maybe the business is paying for the Unlimited Edition, while most of the users are only using modules of the Basic Edition – the difference can be significant – in some cases ranging from $5 to $350 per user, per month.
• What is the user experience like? Are the applications performing as expected? Which browser performs best per given app? Are the services providing similar results in the different office locations?
• How are the applications being used? Are all the modules accessed, and if not perhaps training is needed? Are the apps used as expected? E.g. if a CRM is used only between 4-5 PM every day or perhaps once a week, one would suspect that the service is not used as intended. 
• Compliance – how do we know that we are compliant to the various PCI, HIPPA, GLBA, FISMA requirements if we have no idea how the applications are being provided, or are being used by our employees?

Back in the days where all the applications were in-house, on-premise, IT could (in principle) know exactly what systems are running, who is using them, what the performance behavior of a given solution is and how the applications are being used.

Tools such as Network Sniffing, APM, and log analysis could be deployed in the network and monitor the traffic between the end users and the applications. For services that were offered outside the organization, one could use synthetic transactions to monitor performance and end user experience.

But what do you do if all the traffic is outside of your reach? How do you know what is really going on?

Single Sign On
Some companies use SSO to give them a measure of visibility into the application usage. While SSO has its merits, it is also limited in a number of ways. First, one must ensure that all employees are using the gateway to access the application. If employees have been using a certain SaaS service for a while, there is no guarantee that they will stop accessing it directly, and in any case, IT may not even know what apps are being used.

Even if IT manages to enforce the policy that every user in the org, accessing a certain Cloud app, will go through the company’s gateway, (whether from the office, on the road or from home), even then, the knowledge of the usage is limited to the single fact that user 'U' logged on to application 'A' at a certain time. Did that user ever advance from the login page or did she log out immediately afterwards? Did she stay signed in for three days, what modules did she use and at what frequency? What was her user experience? All these questions remain unanswered.

Service Provider Logs
A very small percentage of Service Providers have started making available usage logs for their customers. Potentially, these logs are quite helpful, as they can give a detailed view of the usage of the Cloud resources.

The drawbacks in this solution are threefold: First, as mentioned, only a small fraction actually does provide such reports, at different levels of detail. Second, each report is formatted differently and therefore, one needs to study each report, try to normalize the data and build a dashboard to capture the information. (bare in mind that some organizations consumes dozens of SaaS apps). Finally, this is simply data. To create actionable, insightful reports will require a huge investment in time, resources and ingenuity that I doubt many IT departments will consider.

Where is IT?
Perhaps in the future, businesses could thrive without an internal IT (just as we make do with power and utilities today). There is a hot discussion going on right now on the various internet forums, as to what shape IT will have (if at all) in the future. But right now and for the foreseeable future, IT is here, and will be needed to resolve a multitude of technical and procedural issues.

Therefore, even if one is a big believer in Cloud (as I am), IT will need to be involved. At the end of the day, all the problems will be brought to the helpdesk (even if IT was not involved in the process of purchasing and setting up the Cloud apps). Issues of performance, usage, security, compliance and integration will remain in the realm of IT, because the business managers and individual user will not be capable of handling them.
And, therefore, the blindness must be cured. Tools allowing visibility and reports providing actionable insights must be made available.

All the Right Reasons for not adopting the Cloud (Scientifically speaking, of course)

“Just as no one can be forced into belief, so no one can be forced into unbelief” - Sigmund Freud

Last week I participated in an expert-panel in a Cloud-meeting for CIOs. The conference started with an hour long CIO panel, then the vendors displayed their goods and finally, the expert panel.

What was obvious, was that different CIOs had completely differing opinions on whether Cloud should be embraced or not. There were those that were completely for Cloud and were actively seeking how to consume more Cloud services while others explained why the idea was mostly ludicrous.

When asked to summarize my impression of the meeting, my observation was that the difference in attitude towards embracing Cloud and SaaS had nothing to do with the size, or business or  type of enterprise these CIOs were representing, but with the psychological makeup of the CIO.

Perfect Reasoning
If you are for the Cloud, then the TCO and ROI clearly indicate that Cloud is the logical choice. If you are against the Cloud, you could prove how it ends up being more expensive.

If you do not want to adopt SaaS you can always pull out the regulatory winning card.

If you are for Cloud, you can talk about the flexibility of using SaaS. If you are against, you talk about how inflexible SaaS is without the ability to customize.

If you are a SaaS seeker, you tell the audience how much better the security of SaaS providers was than your own facility, but if you feel threatened by SaaS, you bring up those horror stories to justify not going there.

Que Sera Sera
I have no doubt that the train has left the station and that the old-school CIOs will, with time, become a minority. But then, you still hear some scientists arguing that Global Warming is fiction and they have scientific proof.
I don’t know what the future will look like, and what trends will dominate a decade from now, but Cloud is here to stay. Mind you, there are still mainframes running business on COBOL code, forty years later, so one would assume that on-premise will still be around in one way or another.

But as for the arguments, like religion, faith and whether the Sun revolves around Earth, no “scientific proof” will be able to change people’s minds.

Give me Freedom – Give me SaaS

“You can have peace. Or you can have freedom. Don't ever count on having both at once” - Robert A. Heinlein


I really like LinkedIn. 

[ I dabbled with Facebook for a little while, but truth be told, I gave it up. Even though I know that every company that respects itself has a presence there, it still feels a little silly to share my professional views on a social network where my kids exchange juvenile videos, girlfriend status or tomatoes on Farmville.]


The professional groups on LinkedIn can generate very lively discussions on things that matter to their members. Recently, I participated in a comment-war-of-attrition (over 50 extensive comments) on one of the larger CIO groups on LinkedIn. The origin of the discussion was a simple question of how to evaluate SaaS vendors, but the discussion quickly shifted to the concept of SaaS and then to the idea that SaaS limits the freedom of the CIO.

Lack of Freedom?
One of the participants was especially passionate against SaaS and kept talking about the idea that SaaS takes away your freedom because of vendor lock-in, because there is no control over the servers and the application and because there was no option to customize the software. Another point was that SaaS was totally dependent on the Internet to function (my refrigerator is totally dependent on the electric grid; is that a reason not to buy one? I find it hard to believe that any modern business is NOT dependent on the internet whether it has SaaS or not).


It’s not about IT and it’s not about the CIO
Let’s examine the kinds of freedom that this CIO is talking about. Owning and maintaining your own hardware. Wow! You have the freedom to research, negotiate, purchase, rack, stack, connect, test, maintain and upgrade. Yea! Are your users in HR thrilled about that? Are they applauding the efforts and wonderful results? Does all that effort get them closer to a solution or is it a justification for the IT budget?

IT has the freedom to research, purchase, install, test, integrate, maintain and upgrade the software package. Yea again! It did take nine months to get here, but guess what? we have our own software!
 
The Sales department might ask you why couldn’t we have done that nine months ago, using a SaaS solution, but' heck, what do they understand about IT’s needs. Oh yes, forget about the new versions that came out since – now we have the freedom NOT to upgrade (actually, we are scared s**tless about touching production after finally stabilizing the system).


I believe that the freedom the CIO was talking about was mostly about the freedom to stay in charge and have the business units dependent on IT.

[I do agree that in some cases, maintaining control of on-premise software has merit or it is governed by regulations; but that should be the exception, not the rule.]


Freedom to Customize
But, aha, IT will say, we have the freedom to customize the application to our heart's content. We own it! We can do whatever we want with it. But do we really want to customize the application? Is our hospital so different than thousands of other hospitals that our WFM software must be customized to our specific needs? Would customizing the Travel Expenses software give our bank the market edge?

SaaS applications embody the best practices of hundreds or thousands of robust businesses that share 90% of the business processes.  Most solid SaaS applications provide a level of configuration that should take care of an extra 5% of specific business processes.
On any day, nine out of ten business managers will prefer to have a working solution today that does 95% of the work, rather than wait twelve months for characterizing, prioritizing, designing, coding, testing and installing a solution that provides the 100%.


Real Freedom
SaaS gives IT and the business:

• Freedom from hardware purchases
• Freedom from racking, stacking, configuring, installing.
• Freedom from the endless maintenance and firefighting
• Freedom from the upgrade nightmares
• Freedom to choose – SaaS almost always gives you free trials to play with before you make the heavy commitment
• Freedom to change your mind  - if you are not happy, you can switch (yes, I know it is not simple, but at least in early stages you can do it with minimal damage while with on-premise software you are stuck with your decision for years) 
• And that means freedom from long-term, substantial, financial commitments
• And finally, Freedom to say NO to the business units that absolutely insist on that extra feature that will be forgotten by the time it is implemented

I am surprised that in 2012 we are still having these discussions, but apparently the veteran CIOs are still around fighting to maintain the old world order (see my previous post on Democratization of IT).

Occupy the Server Room! – The Cloud and Democratization of IT

“The best argument against democracy is a five-minute conversation with the average voter" -Winston Churchill

(Based on a presentation I gave last week at the annual IASEI conference. The presentation was a segue to a CIO panel that I moderated in which the CIOs  discussed how they are dealing with the changes in IT)

I have been following with awe the events this past year from Tahrir Square in Cairo to downtown Manhattan and other Arab and Western capitals across the world. The message is clear – there is too much power for too long in the hands of too few. The masses want to decide what’s good for them and not let a small group of (revolutionary generals / self-appointed businessmen / grand ayatollahs) have control over various aspects of their lives.

It seemed obvious to me that the same phenomena is happening in the corporate world. I am not sure we will soon see the employees storming the CIO’s office with torches and pitchforks, but the distribution of control from IT to the business units and to the individual workers is a trend that cannot be reversed.  It is a result (and driver)  of three other trends that have been as relentless:

• Consumerization of IT
• Commoditization of IT
• Democratization of Information

The Great Democtator

Like benevolent rulers that know what is good for their subjects, IT managers decided what was good for the organization, what technologies would serve the people and have traditionally held all the cards close to the chest. The more complicated the world of information became, the more dependent  the business units and employees were on information technology, the more power IT had and the bigger the budget.
And like any society ruled by a single central power, dissent is inevitable and, with time, the more you try to control the elements, the more people will try to break from your hold.

IT as a Technology Broker
Not so long ago, an employee needed the IT department to do almost anything that touched technology in one way or another.  IT was a broker of hardware, of solutions and of information.
Remember the Wang 1200? It was a big machine that needed its own office space and an operator to run. What did it do? Word Processing! Imagine that you needed IT's help to write a document.

• You needed a phone? IT would pull a land line to your desk and install the connection, then bring the device (which took them months of research and testing to decide on what model  is right for you) configure the phone and configure the setting in the PBX.  Nowadays you just use your mobile phone and ask IT to pick up the bill.

• You needed a CRM to support your business process? IT would spend months researching and testing different packages and negotiating a price. Then IT would need to purchase and install the servers (sometimes the DB licenses as well) and that could have taken months as well.  Then IT would spend time on installation and testing and perhaps customizing and integration. All this means that you could not have done it without IT’s crucial role.  These days you would subscribe to a SaaS CRM and try a free trial.

• Your hard drive got fried? IT will try to revive it. If a few days later they are unsuccessful, you will be issued another disk and IT will install it on your desktop and reconstruct from the backup tapes (they’re in Nebraska) at least some of the files so you could get back to work within a few days.Today, you open your Smartphone and pull up those files from DropBox.

The point being that Cloud has eroded a large part of the need for IT to act as a technology broker. Many of the resources they used to control in the past are now a mouse click away.
 
Reversed Trends
Once upon a time, most of the technological breakthroughs and innovation would come out of the defense industries, the military and NASA. Years later they would make their way into the major corporations until finally, we mortals would see the expensive gadgets in the store. Remember the Casio digital watches, the TI calculators and early GPS systems?
Well, the trend has clearly been reversed. Most of the new innovations are directed at the end user – the consumer:  Instant messaging, search engines,  blogging, Wiki, web search, polling, social networks and twitter. All these technologies made their way into the corporate world after becoming popular and useful for the general consumer population.

A Historical Perspective

Switch from 2nd to 3rd Gen Languages
It is common to think that the revolution began with the PC, but I believe that the seeds were planted when the third generation programming languages became available (FORTRAN, COBOL, BASIC, C). This enabled tens of thousands, then hundreds of Ks, of geeks around the world to join the exclusive club of perhaps a few thousand programmers that controlled the tech world thus far, and with the advent of the PC, they could do it outside the stranglehold of the large corporations. I think of it as the Magna Carta of the IT Democratization process.

Personal Computers
First there were the PCs that marked the beginning of democratization. Heavens forbid, people could actually play solitaire at work without IT doing anything about it! And then, when the affordable PCs at home offered them more freedom, they started installing all kinds of software on their work desk tops using those damned floppies to get stuff around. PCs meant that geeks could sit at home and develop cool stuff without the monstrous budgets needed till then.

Internet
Then came the internet and with it so many possibilities. Do you still remember the days when IT blocked internet access or limited it to only a few pre-defined sites? Heck, there are many financial institutions that still today do not issue email accounts to their employees; if you really need something done the employees have to use their private Gmail or Yahoo mail accounts.

The internet also enabled the Democratization of information:
WikiThis, WikiThat, how-to sites; the internet enabled crowd-sourcing, so that you no longer needed in-house developers or testers to do the work, and there is less need for  IT experts to help you out.
Social networks and evaluation sites let everyone ‘like’ or ‘dislike’ your products and services, so one cannot hide behind the great firewall any longer. No longer are you dependent on IT to get the technical information. The fact that IT would probably do a better job and will be able to sift through the information more intelligently is irrelevant. The business managers have access to the information and it gives them a sense of freedom they never had before; “Power to the People!”
And, of course, Open Source software which would have been impossible without the Web. Isn't that the ultimate manifestation of Democracy?

 
Mobile Computing
Anytime – Anywhere – Anyhow. As much as IT tried to resist it at first, PDAs, Blackberries and then Smartphone and Pads became the standard and every CIO had to deal with implications. What apps should be installed on the mobile devices, what kind of access do you allow from the device to the corporate systems, how do you synchronize and protect the data?

Cloud


And then along came Cloud, which is a big nail in the IT Control coffin. 
The Cloud became a catalyst of all the above trends. Everything shifted to Fast-Forward.

The Cloud drove the Commoditization of IT – for most purposes a server is a server is a server. And with virtualization, no one knows and, frankly, no one cares.  Gimme computing power, storage and bandwidth, and let the geeks fight the acronym battles amongst themselves.
On the one hand, anybody in the organization could go out and consume IT services without the CIO being involved. Be it a server, storage, backup, development environment or a full enterprise application, it was only a credit card swipe away – and half the stuff out there is free anyway, or available as a free trial.
On the other hand, any three guys and a goldfish with a great idea, (even if they reside in a third world country) can easily get a full development or production environment up and running and sell their services to the world.
 
Impact on the CIO?
There are good sides to this trend, even from the perspective of the CIO.
Cloud liberates the IT group from a lot of the menial work they are engaged with – wiring, installing, testing, maintaining, upgrading… Imagine all this disappearing overnight. IT can switch from firefighting mode to strategic planning, from a cost center to a value center. The CIO can metaphorically crawl out from under the desk, where he was busy connecting wires, and join the executives’ strategic discussion over the desk.

But the democratization of IT is introducing many headaches to those in charge of technology in the enterprise:

• Lack of visibility – who is using what, when, from where and how long?  All that information is now in the hands of the service provider.
• Utilization of the Cloud resources – while moving to the Cloud many have been a substantial cost saving, it may end up being expensive if you do not know what resources are being utilized in the Cloud.
• Lack of uniformity – each department or individual employee can access resources without the intervention of IT.
• No control over performance or SLA adherence
• Support of multiple mobile platforms that is very dynamic:
• •  
  • Unknown patched state
  • Unknown application vendors
  • Unknown application compatibility
  • Complexity to access corporate data

• Security (Access  Management, Theft ,Privacy)
• Corporate and government regulatory compliance
• Intellectual property protection
• Integration with legacy and with Cloud application
• Subscription utilization – ROI

What to do!?

Bring Down the Wall
IT has enough issues to deal with just maintaining the on-premise IT resources. Faced with the enormity of the challenges, the initial instinct is to shut down all access from the outside world. Think of the last days of a dictator hiding in his castle, living in denial. But the reality is that the CIO has to embrace the trend, not fight it. Democracy is here to stay since there is so much for the employees (and therefore the enterprise) to lose if we rewind and return to where we were a decade ago.

The CIO's Dilemma – Adopting SaaS as a Strategy

“Luke, you're going to find that many of the truths we cling to depend greatly on our own point of view” (Obi-Wan, Star Wars, episode VI)

'IT-Avoidance' Mechanism
SaaS adoption has become an outstanding success, not in the only SMB which it targeted originally, but at the business-unit level in the larger corporations. SaaS became the ultimate IT-avoidance mechanism for the business department heads that were tired of waiting for many months (or years) for their IT needs, weary of investing huge budgets just to find out that the software did not deliver what was expected, or was outdated by the time it was implemented. With SaaS, they could start a free trial immediately and gain value of the solution with minutes, hours or days. IT managers sometimes found out that their internal customers were using SaaS software many months after it was a done deal.

It’s All About Control
This paradigm shift from transitional on-premise to SaaS (which is somewhat reminiscent of the PC revolution that empowered the end users and removed some of the dependency they had on IT), was not looked upon favorably by IT managers.

I believe that the main reason for IT's resentment towards SaaS, is the loss of control partly based on real problems caused by IT-Avoidance and partly is based on an emotional response to the notion of various business units not “needing” IT as much as before.

My premise is that CIO’s must adopt SaaS – it delivers the goods and it is happening anyway – but for the adoption to be successful, they must regain control of the situation.

Security
IT usually brings up the ‘security’ excuse to kill SaaS deals, but I believe that many times the ‘security’ they are talking about is their 'job security', afraid to let go of assets that everyone is dependent on.

So let’s examine the real security issue. As I have mentioned in numerous talks and presentations, Cloud companies, as a rule, will do a much better job at data security and privacy than a hospital or a car manufacturer (or a bank, credit card company or NASA judging by the publications on the subject).
Still, there is a major issue regarding SaaS accounts when they are not controlled by IT. Any business manager can swipe a credit card, and order 40 seats for her staff to start using an HR app. The manager knows nothing of security, nor does she bother much with it - the point is to get productivity up. The users are provisioned, not by IT, but by the business unit. When an employee leaves the company to work for the competition, IT is supposed to disconnect that employee from all the assets in the company. But how can they de-provision the employee if they have no access (or knowledge) of the various SaaS applications that person was using? Who can guarantee that this employee will not access company data from home or from the new employer’s premises?...

Lack of Visibility
Not only does the IT manager have incomplete knowledge of who is using what, even if they know that an employee has a SaaS account, there is no way to know if that user is accessing the software, how it is being used and what, if any problems are there. There is no visibility into performance issues. IT also has no knowledge of what part of the organizations’ data is stored where. And could it be that some of the same data is residing at different SaaS providers, and could it be that information at one provider is inconsistent with some information at another provider?

Vendor Selection
One of the areas of expertise of IT is the ability to select software solutions and evaluate the vendors. The business units do not have that ability, and frankly, they don’t give a damn. They want quick solutions within their monthly budgets and all other topics regarding security, integration, service continuity, financial viability, and SLAs are stuff that IT traditionally dealt with (and hence took forever to make a decision). So, IT is not involved in the solution/vendor selection process exposing the enterpise to bad choices and their consequences.

Lack of Efficiency
It is not uncommon in large, distributed companies, that different departments are consuming the service from the same SaaS vendor (or different departments are using similar solutions from different vendors) with multiple contracts in place, and perhaps different integration schemes. Of course this reduces the chances for bulk discounts and is inefficient in all aspects of organizational learning and business intelligence.
Another aspect of control is the lack of ability to access, backup and analyze the company’s data or to impose regulatory constraints on the user.

Lack of Strategic Planning
The fact that each department is an independent SaaS consumer and that IT is not driving and controlling the company’s solution is a great impediment to multiyear strategic planning. The individual business units do not have a high-level view of the company’s needs and strategy.

The lack of strategic planning reduces the company’s ability to ensure security and to employ cross company data analysis (the data is distributed across multiple vendors) and may cause compliance and regulatory issues in the future.

What to do, what to do?
A following article will outline strategies to employ in order to get hold the SaaS situation. But it will suffice to say that IT needs to restore control and bring itself to the forefront. This means that, first and foremost, the CIO has to embrace SaaS and not fear it. Start by defining the strategic goals of Cloud computing in the organization. Understand who is consuming what in the organization. Review your upcoming upgrades and begin a process of considering SaaS to replace your on-premise solutions.

SaaS is not a threat but a wonderful opportunity for the enterprise and the IT organization. Don’t play a defensive game; rather, become a leader in this area for your company.

System Integrators’ Cloud Strategies – React or Lead?

“A leader takes people where they want to go. A great leader takes people where they don’t necessarily want to go, but ought to be.” (Rosalynn Carter)

Recently a number of medium-sized System Integrators (SIs) have approached me to help them either define their SaaS/Cloud strategy, validate their strategy or help them with the realization of their strategy.
It seems that, the shoe has dropped. It took two years of relentless Cloud hype for the System Integrators to finally understand that major changes are occurring which will impact their customers and therefore – them.

New Breed of System Integrators
There is a new breed of Cloud System Integrators (up to a year ago they were called “SaaS System Integrators”) including companies such as Appirio, Astadia, Bluewolf & Model Metrics, that are dedicated to providing SaaS based services. Being newcomers, they are quite small compared to the large players, but their growth rates are phenomenal (e.g. Appirio has been growing in triple digits since 2008). So far they are have not been big enough to pose a visible threat to the old timers, but I suspect that the Dinosaurs are starting to feel a bit uncomfortable with the quick mammals that are infiltrating their territories.

Lack of Strategy – Tactical Approach
Having studied approaches of the major players in the market I have come to some interesting observations:

1. There are around 15 Cloud services that SIs could offer their customers. Examples are: billing/integration/SSO services, PaaS development (Azure, Google Apps Engine, Force.com), SaaS-oriented testing, training, 24X7 NOC, etc. 
2. Judging by my engagement with some of the SIs, most are not even aware of what those services are, and are therefore concentrating on a few obvious choices.
3. Most of the SIs are offering only one or two Cloud services from the list, and therefore:
4. Most large SIs do not have a SaaS/Cloud strategy, or, their strategy is to wait and see how the market develops.

A number of large players have chosen to become a single application integrator. Examples are:
Accenture is a Salesforce.com partner.  Ernst & Young are helping implement EmployU and HumanWave. Deloitte is with Workday and Genpact is a Netsuite implementor.
Capgemini is working with AWS to provide a Cloud Computing COE.

Considering the size and nature of the business of these players, it seems that these services are not high on the priority lists of the big SIs. It is quite obvious (to me) that these giants have not defined a SaaS strategy, rather they are reacting in an opportunistic manner to the market - akin to a “me too” tactic, just to have something 'Cloudy' or 'SaaSy' on their web site.

Cloud Strategy – React or Lead
As mentioned, many SIs have adopted tactical approaches, at the Cloud Service level, rather than a strategic approach. Further analysis led us to the conclusion that by zooming out, grouping and mapping the above Cloud Services. we can define five Cloud Strategies for System Integrators:

1. SaaS Aggregator – Provide Applications on the cloud
2. SaaS One-stop-Shop for Software Vendors
3. Cloud/SaaS Adoption for IT
4. Private cloud technologies
5. BPasS - Could Integration

Note that Strategies 4 and 5 are "smaller" in scope and could either be included in one of the first three. Each Strategy includes between four to twelve of the above mentioned Cloud Services.

Using this prism, we could say that a number of players have chosen a strategic path:
IBM’s GBS and Wipro are offering services that we define as SaaS One-stop-shop for ISVs (strategy 3).  KPMG is offering Roadmap for SaaS Adoption (strategy 5) while Infosys is acting as a SaaS Aggregator for enterprise IT (strategy 1).  Smaller players such as iProcess are offering BpassS (Strategy 2)

Even though adoption rates are growing very fast, the hype of Cloud Computing is a couple of years ahead of reality, especially in the larger organizations that are the natural customers of the leading SIs. Some SIs have chosen to play it safe: not invest up front in new technologies and methodologies and watch the market carefully. Since they will still be milking many fat cows for a few years to come, the decision not to decide could be considered a smart, conservative strategy.

Others, though, have taken leadership positions, risking investments without a clear date on the ROI. They have the advantage of defining the market trends and have a better chance of emerging as the de-facto leaders in a few years when all the players, that are currently sitting on the fence, will have to define their strategy and see what bones are left to pick.

Private Clouds – What’s in a Name?

“Happiness is like a cloud, if you stare at it long enough, it evaporates” - Sarah McLachlan

Remember when all of our secretaries and stewardesses turned into office managers and flight attendants overnight? Remember when all the co-los and server-hosting companies became cloud providers overnight?

(To alleviate all suspicions – as my readers know, I am an ardent advocate for Cloud computing and SaaS in particular, so this post is not about arguing the merits of this constructive and disruptive trend).

Cloud means different things to different people – but mainly it means “a cool way to market my same old, tired stuff”. I worked with a co-lo provider a couple of years back. A few months ago I went to their site to check prices and lo and behold: They became a Cloud Provider! They had clouds splashed all over their site and every solution they sold was a Cloud solution. I called up a sales person and asked about their elasticity and time units. Turns out they were elastic in one direction – you could always order more servers – and you only had to commit to one year in advance. On a geological time scale that is quite flexible. When I laughed and asked what was ‘cloudy’ about their offering, the guy got confused and said that his manager will get back to me.

So what is all this newspeak about Private Clouds?

Guess what is happening to the good ol’ data center? As David Linthicum aptly puts it in his latest blog post: “the reality is that ‘private cloud’ is just another term for on-premise systems”.

Point number one is that I find the term an Oxymoron:
Cloud means that it is ‘somewhere out there’; location is transparent. Cloud means sharing; resources are transparent. The physical server I used this morning might be used by someone else this afternoon.
Private means it is in my back yard and only I get to play in the sandbox.

Point number two is that even if we apply the Cloud concepts to the enterprise, it will be relevant to a very small number of very big players. Those enterprises that are truly global and distributed. They could take advantage of the peaks and troughs, of the "follow the sun" model, of the large numbers and justify the investment of a Cloud player.

And what about the rest of us mortals? Let’s assume that a certain percentage of our IT services will not transition to the cloud – be it regulation, compliance, perceived loss of control, or the illusion of maintaining job security. We should be using Cloud-enabling technologies, to make a smarter use of our resources and data centers. That means virtualization, automation, orchestration and auto-provisioning technologies. We only get the silver lining – not the cloud.

So the Private Cloud, in essence, is a wonderful opportunity for the big vendors out there to sell to the enterprises - new equipment, new systems and new services.

Cloud IaaS: Sorry, not very Interesting

“There is an incessant influx of novelty into the world, and yet we tolerate incredible dullness” – Henry David Thoreau

Don’t get me wrong. Infrastructure-as-a-Service is a wonderful, useful and logical development. I do not need to sing the praise of it here. I believe in it and I am sure that it will provide a growing, significant percentage of computing needs around the globe.

But, it is just not very interesting, although it is the rage in all IT circles and hype generators. The technologies that enable it are basically: high speed bandwidth, virtualization and sophisticated management software. Now, I do not belittle these technologies. They are the product of years of development of ingenious engineers and some fast acting companies that had the ability to put one and one together and come up with the offering. And kudos to Amazon Web Services on leadership, ideas and execution.

Still, I believe that it is the domain of the few, and although every datacenter and ISP out there is starting to offer a ‘cloud’ solution, the end result will be a few very large companies that are big enough to invest in a model that makes economic sense and are sophisticated enough to pull it through.
So what does that say for technological companies that are thinking of providing IaaS-enabling software or hardware? There will survive only a handful of those companies, since they will be competing in such a small market.

So why is it such a hype, and why is it burning like a bushfire in the Kalahari savannah, while it took almost a decade for SaaS to become mainstream? Because the idea of IaaS is very simple and straightforward. IT gets it. Any old CIO can understand the concept, because hardware is a commodity and has been for a long time. Because many enterprises have been hosting in co-los for decades, acting as if their hardware is in their datacenter.
Once you get over the fear of losing control and get through the blah-blah of security, the idea of IaaS is very simple, and therefore, not interesting.

SaaS on the other hand is all about Applications. And applications are not perceived as a commodity (although many of the non-core applications are beginning to assume that role – and that’s a good thing). Therefore, once the hype will run its course and the dust Clouds will settle, IaaS will become mainstream. Every enterprise will choose how much of its infrastructure will lay outside of its firewalls and to what extent it will use the flexibility of the solution. SaaS will still be the interesting item, since every ISV will offer an on-demand solution, and the competition will continue to generate innovation and breakthroughs.

Can SaaS Companies Go Back to Basics?

"Change is a bouncing ball on the circumference of a circle"


I was recently at an AWS conference and met with a substantial number of SaaS companies that are running their full production on the Amazon EC2 and S3, albeit all were relatively early stage, smaller companies. I spoke with half a dozen VP Ops or their equivalents, and all stated that they were satisfied with the service and the uptime, and did not experience major outages.
I have also met recently with a number of successful SaaS companies that we under 20 people total – and that includes R&D and Sales & Marketing and running the 24X7 operations.

So it got me thinking that if SaaS companies can do well without the need to deal with hardly any aspect of the infrastructure we may be approaching a completion of full circle.

History 101

Since the dawn of time (January 1, 1970 – Unix time, that is) there were software companies. If they were successful, they excelled at writing software and testing it, and with time developed good professional services capabilities. And of course they needed to know how to market themselves and sell, and partner – but that was true of any company out there, whether they were manufacturing rubber gaskets or CAD software.

Fast forward to the post-boom, post-ASP era, and a new breed of software vendors appeared on the scene. As they were pioneering the new on-demand model; they all owned their infrastructure, and probably some of them were even hosting the hardware in their own back office.
These new SaaS vendors had to have expertise in their domain and their software, of course, but also in operations, 24X7 customer support, servers, power, storage, DBs, networking, security, performance and load testing, on top of the mastering the model of selling services rather than software.

As the market rapidly expanded, SaaS enablement companies grew around these new vendors, and started offering hosting at first (real estate and power), then networking capabilities, and then basic network monitoring services.

Two trends developed. On one hand, Managed Services companies (e.g. IP-Soft) offered to take over all the routine operations of managing the infrastructure up to the application level. That included monitoring and maintaining the network gear, servers, storage, DBs, Web servers and their respective operating systems.
On the other hand one saw the rise of Managed Hosting companies (e.g. Rackspace).that rented out the hardware itself on top of the real estate and offered ever growing services around the hardware.

And, there are companies (such as OpSource) that offer everything from hosting, to servers, storage, application management, 1st and 2nd tier helpdesk, as well as reading you bedtime stories.

Now we are seeing companies that offer QA services (especially performance, but not limited to), security services, integration services (AKA Professional Services), 24X7 answering services and tucking you into bed.

It is too early to tell how successful this ecosystem will turn out to be, and what percent of SaaS companies will subscribe to this model, but the emerging trend is clear – SaaS companies are offered the opportunity to go back and do what they do best – write software.

Nobody Does it Better

The question is where do you draw the line? Keep in mind that the success of a SaaS company relies mostly on the second S (Service) and less on the first S (Software), or put another way – depending on the execution more than the quality of the software.

I see a number of areas that must be directly managed by the SaaS staff:

• Product development
• Customer relationships
• Application management

As for functional testing, performance testing, security testing – they may all be outsourced, but never relinquish control of these processes.
Ditto for professional/integration services – you may hire an outsourcer/partner to perform these functions, but ultimately, the customer success lies at your door.

My friend and SaaS networking expert, Gil, says that you should never outsource the infra or the management of it because nobody will take care of your baby as good as yourself.

I recently had a conversation with a managed services account manager that confided in me that managing the infra of SaaS companies is far more difficult than that of your average enterprise IT, since the SaaS companies are far more sophisticated, have deeper technological understandings and higher availability and response requirements.

Another question is at what point do you want to take back ownership? Does a certain size and complexity of the service and business justify bringing in your own teams of experts to handle those tasks listed above? The cost of doing it yourself will probably start going down as you grow, but the company’s values might dictate sticking to the core competencies – Hey, isn’t that what the SaaS offering is all about?

Quick response to a silly blog

Normally, I have my own plans for what I want to post on my blog and I leave the fencing for the US women's Olympic team.
BUT, this morning I received an email from a friend who is also a CEO of a SaaS company, pointing out a new post with an outrageous title Why You Should Steer Your Customer Away from SaaS, for Now asking me to comment on it in my blog.

Frank's argument was that since Goggle's Gmail had an outage " just mention Google and Amazon's problems and a shadow of doubt can be place over the whole hosted applications market" He goes on to say that cloud computing (SaaS) "is just a pipe dream" and that we should resort to good old reliable client server technology.

I told my friendly CEO that it is such a non-issue that I don't think I should waste a good posting on it, but I did add a comment to the blog.
As the day went by and my comment was neither posted nor acknowledged, I decided to use this forum to respond.

So, my comment went something like this:

1. I can't believe we are even having this discussion. This is not 2003 when people were discussing the merits of this novel delivery system. As Dave Rosenberg pointed yesterday in his Negative Approach blog "Software-as-a-Service is so common it's actually boring at this point"
2. Frank's argument is as valid as steering customers away from motor cars back to horse drawn carts, because accidents happen.
3. SaaS companies make a living out of providing these services. Although I do not have the statistics, I know from numerous interactions with many companies that your average SaaS uptime figures are far better than your average IT department's.
4. Part of the success of SaaS has to do with the fact that IT was simply not delivering the goods, not in performance nor availability, so the business units went out looking for someone who could deliver a better service, NOW.

There. I don't think I need to splash in the mud much more. I must say though that I feel like I'm playing out a scene from Back to the Future IV.

IPaaS

No, it is not a typo, and neither am I contemplating adding another acronym to the alphabet soup. I am simply emphasizing an important aspect of the business - Intellectual Property-as-a-Service. IPaaS is the upper tier of SaaS, what might be known in the industry as ‘Managed Services’ or ‘Expert Services’.
An enterprise software vendor should be delivering more than a software tool. If it also provides a methodology, best practices, and subject matter expertise, then the differentiating value of that ISV is clear. It is (supposed to be) the hub of knowledge of all of its customers on how to do ‘It’ right. ‘It’ may be document, process, or project management, or business intelligence, or performance testing, or CRM, ERP, ABC and XYZ.
Its products are expected to encompass years of experience at a particular vertical or a process by interacting with the customers, heeding to their needs and compiling all of their usage history into the product and the company’s knowledge base.

There are countless tools out there being offered on-demand: email, webex, Google’s Apps and Microsoft Live, to name a few.
What differentiates these services from IPaaS is that they do not require a domain-level expertise. Almost anyone can log into a web-based tool such as webmail and start deriving value from it.

But, one may claim, this domain-level expertise is true for any ISV that offers vertical or complex, process driven systems. So why is this more compelling in the SaaS model?

There are three reasons.

The first is that SaaS vendors can channel their resources into offering a higher level experience for their customers. Most traditional ISVs devote most (if not all) of their professional services’ talents to installation, customization and upgrades/maintenance. If you take these activities out of the equation in the SaaS model, the ‘Professional Services’ can be upgraded to ‘Expert Services’ and dedicate the manpower to helping their customers derive more value from their products.

The second, and even more compelling, reason is that in the SaaS model the software vendors can generate another revenue stream from offering project-based, domain-level expertise. In the traditional model, no company in its right mind would buy and install an enterprise system to run a year-end financials project or a pre-launch performance testing project. Now this is possible with the on-demand model. The software vendor - the ‘expert’- owns the infrastructure; the systems are already installed and ready to use. Send in the expert team (this is a figure of speech of course, the beauty is that you can do it remotely) to run the project and extract a high price for this valued service.

The third, and most important, is the fact that no one has as much visibility into the domain as the SaaS provider. It can view how the software is being used, what kind of data is kept and how it is being manipulated. It can run queries on aggregated data and provide benchmarks and best practices.

Very few companies today make a use of this source of knowledge (and, yes, power) but I predict that it will become an important differentiator in the near future.