Here Are Top Reasons and Paybacks for Adopting Cloud Computing Today
Here Are Top Reasons and Paybacks for Adopting Cloud
Transcript of a BrieﬁngsDirect podcast on how moving to the cloud can lead enterprises to
examine and improve current policies.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor:
Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re
listening to BrieﬁngsDirect. Today, we present a sponsored podcast discussion on
identifying the top reasons and paybacks for adopting cloud computing.
If cloud, in its many forms, gains traction, like any other big change affecting
business and IT, people need a lot of rationales, adoption incentives, and
measurable returns to keep progressing successfully. But, just as the deﬁnition of
cloud computing itself can elicit myriad responses, the same is true for why an
organization should do cloud computing.
The major paybacks are not clearly agreed upon for sure. Are the paybacks purely in economic
terms? Is cloud a route to IT efﬁciency primarily? Are the business agility beneﬁts paramount?
Or, does cloud transform business and markets in ways not yet fully understood?
We'll seek a list of the top reasons why exploiting cloud computing models make sense, and why
at least experimenting with cloud should be done sooner rather than later. We have with us a
panel of cloud experts assembled to put some serious wood behind the arrow leading to the
Please join me now in welcoming Archie Reed, Hewlett-Packard's (HP) Chief Technologist for
Cloud Security and the author of several publications including "The Deﬁnitive Guide to Identity
Management" and a new book, "The Concise Guide to Cloud Computing." Welcome back to the
Archie Reed: Thanks very much, Dana.
Gardner: We're also here with Jim Reavis, executive director of the Cloud Security Alliance
(CSA) and president of Reavis Consulting Group. Welcome back to you too, Jim.
Jim Reavis: Pleasure to be here, Dana.
Gardner: And we are also here with Dave Linthicum, Chief Technology Ofﬁcer of Bick Group
and also a proliﬁc cloud blogger and author. Welcome back to you as well, Dave.
Dave Linthicum: Thanks for having me, Dana.
Gardner: Let me go ﬁrst to you, Jim, and then to Archie. At the RSA Conference, the CSA and
HP announced some ﬁndings around "Seven Deadly Sins" for cloud adoption. Tell us a little bit
about those Seven Deadly Sins, some of the negative issues, before we delve into some of the
positive, some of the heavenly delights of cloud, if you will.
Reavis: Thanks, Dana. The reason we produce these threat listings and do everything we are
doing at CSA is that we believe that adopting cloud is a foregone conclusion. We're
going to be spending a lot of time on this webcast talking about the beneﬁts. So,
it’s to help people do it in the most appropriate and secure way.
You can ﬁnd the full listing of the Seven Deadly Sins at cloudsecurityalliance.org
website, under "Top Threats." I'm not going to list them all in detail. We found that,
when you think about going to the cloud, it’s not just security issues that
enterprises are concerned about, but rather compliance. A lot of the transparency
issues on what your provider is doing becomes something that we want to think about and be
really concerned about.
Data is something that we identiﬁed as a key threat issue. You want to know where your data is.
You want to know how it’s being controlled. You want to prevent it from being leaked or lost
completely. Obviously, that goes with any type of computing, but it's certainly something, as we
move to this new model, that you want to understand and be concerned about.
Then, there's just a variety of things where we want to understand how bad guys will start using
the cloud, what new speciﬁc issues there are, and when we have the shared infrastructure, how
bad people might be able to get in in some way or another and use some form of privilege
escalation through virtualization or other sorts of techniques to be able to move into areas where
they aren’t allowed.
It’s deﬁnitely food for thought. It’s part of your whole risk-management process, when you think
about how to take a certain business initiative and use a certain cloud system to accomplish that
goal. That’s the whole point of it, and we've gotten pretty good feedback. We certainly don’t
think what we produced was alarmist, but rather to help people adopt cloud.
Gardner: Archie Reed, a lot of companies that I've talked to are trying to do this cost-beneﬁt
analysis about cloud and what they should be doing. In order to understand that, you have to look
at what you need to do to prevent the risks from getting out of hand, but you also need to know
about what you get in return for doing it well.
Let’s look at this cost-beneﬁt analysis. We have a good sense of some of the negatives, what you
need to do, and some of the investments. What are some of the high-level potentials? What are
the paybacks that would balance out some of those risks and investments?
Reed: Thanks, Dana. Just to reiterate what Jim said previously around the Seven Deadly Sins, in
order to understand what the cost beneﬁts are, what the impact to an
organization is going to be, you have to be aware of the risk analysis you are
going to undertake that feeds into a cost-beneﬁt analysis.
I just want to make a couple of points about the top threats, as we lead into these
things. First off, it was all about awareness or enlightenment. Given the tone of
our discussion today, the key was, as Jim said, not to be alarmist, but to create
If you don’t understand what’s going on inside the cloud environment that you're using, be it
public or private, or some hybrid of those things, then you can't really get the beneﬁts that you're
looking for, because you haven’t taken into account the overall risks that are associated with that.
The same risks
Interestingly, when we look at this list, if we received any criticism for it at all, it was that it
presents the same risks that any large, outsourced business service might encounter.
Fundamentally, you need to follow good security practices.
So, when we go into all of this discussion around what is the beneﬁt, we need to do our standard
risk analysis. There’s nothing too much that's new here, but what we do see is that when you get
to the cloud and you're doing that assessment, it comes down to agility.
Agility, in this sense, has the dimensions of speed at scale. For businesses, that can be quite
compelling in terms of economic return and business agility, which is another variation on the
theme. But, we gain this through the attributes we ascribe to cloud -- things like instant on/off,
huge scale, per-use billing, all the things we tried to achieve previously but ﬁnally seem to be
able to get with a cloud-computing architectural model.
If we're going to do the cost-beneﬁt analysis, it does come down to the fact that, through that per-
use billing, we're able to do this in a much more ﬁne-grain manner and then compare to the risks
that we are going to encounter as a result of using this type of environment. Again, that's
regardless of whether it’s public or private. The risks may go down, if it’s a private environment.
Factoring all those things in together, there's not too much of a new model in how we try to
achieve this justiﬁcation and gain those beneﬁts.
Gardner: Dave Linthicum, we've talked about this a bit in the past and one of things that was
memorable in talking with you is that you seem to think that we shouldn’t look at cloud
computing through a cost savings lens. It may not even be cheaper or more cost efﬁcient, but you
had other, more pressing reasons for moving into the cloud.
First, if I'm correct, explain your rationale on the cost issue and then also what you think are
some of the top motivators?
Linthicum: The mistake that a lot of people make is that they go directly for the OPEX versus
CAPEX cost. In other words, they're sick of buying waves and waves of servers
for their data centers and sick of paying colos and all those sorts of things. They
really want to get into a "pay per drink" cost model in how they consume compute
cycles, storage, and all the other things that are kind of innate to the data center.
One of the issues is that public cloud computing providers typically -- and
sometimes private cloud computing infrastructure that you set up -- are going to
be more expensive than a lot of existing infrastructures. That’s misunderstood out
there, unless you are like me and for the last two years have done the analysis over and over
However, the notion of business agility, which I heard mentioned, is really where the money is
made. It's the ability to scale up and scale down, the ability to allocate compute resources around
business opportunities, and the ability to align the business to new markets quickly and
efﬁciently, without doing waves and waves of software acquisitions, setups, installs, and all the
risks around doing that. That's really where the core beneﬁt is.
If you look at that and you look at the strategic value of agility within your enterprise, it’s always
different. In other words, your value of agility is going to vary greatly between a high tech
company, a ﬁnance company, and a manufacturing company. You can come up with the business
beneﬁt and the reason for moving into cloud computing, and people have a tendency not to think
The point I already made -- and I agree with the guests -- is that you have to weigh that beneﬁt
in line with the innate risks in moving to these platforms. Whether or not you are moving from
on-prem to on-prem, on-prem to cloud, or traditional on-prem to private cloud computing, there’s
always risk involved in terms of how you do security, governance, latency, and those things.
Once you factor those things in and you understand what the value drivers are in both OPEX and
CAPEX cost and the tradeoffs there, as well as business agility, and weigh in the risk, then you
have your equation, and it comes down to a business decision. Nine times out of ten, the cloud
computing provider is going to provide a more strategic IT value than traditional computing
Gardner: Going back to you, Jim, when we think about the beneﬁts of cloud in general, it seems
that most people gravitate to this as a way in which we can recast IT processes and functions.
But, in a lot of ways, I think there’s just as much interest around using the cloud as a way of
reaching audiences, providing services, linking up partners in an ecosystem or process
marketplace in ways that hadn’t been possible before.
Do you think it’s a good idea for us to not just think about cloud as a beneﬁt to efﬁciency and
transformation at the IT level, but that in gaining cloud expertise, there's the opportunity to do
things vis-à-vis supplying your customers, ﬁnding your customers, and even in joining with
suppliers in a new way?
Reavis: I'd agree with that, and it echoes a little bit of what Dave has said. When you think about
economics, what’s the core of economics? It's supply and demand. Cloud gives you that ability to
more efﬁciently serve your customers. It becomes a customer-service issue, where you can
provide a supply of whatever your service is that really ﬁts with their demand.
Ten years ago I started a little minor success in the Internet dot-com days. It was called
Securityportal.com. You all remember something called the "Slashdot
Effect," where a story would get posted on Slashdot and it would basically
take your business out. You would have an outage, because so much trafﬁc
would go your way.
We would, on the one hand, love those sorts of things, and we would live in
fear of when that would happen, when we would get recognition, because we
didn’t have cloud-based models for servicing our customers. So, when good things would
happen, it would sometimes be a bad thing for us.
I had a chance to spend a lot of time with an online gaming company, and the way they've been
able to scale up would only be possible in the cloud. Their business would not have been able to
exist in the earlier era of the Internet. It’s just not possible.
So, yeah, it provides us this whole new platform. I've maintained all along that we're not just
going to migrate IT into the cloud, but we're going to reinvent new businesses, new business
processes, and new ways of having an intermediary relationship with other suppliers and our
customers as well. So it’s going to be very, very transformational.
Gardner: Similar question to you, Archie. When HP looks at the potential for cloud in its own
right as a company, I should think that there is a lot of interest and efﬁciency for delivering
services and providing a cloud capability for that. You've already got a lot of software-as-a-
service (SaaS) based services for application lifecycle management, and test and dev, and so
forth. How do you see the difference between cloud as it affects IT and then cloud as it affects
Outcomes are core
Reed: At HP, when we talk to customers and even try to evaluate internally, we talk about this
thing called business outcomes being core to how IT and business align. Whether they're small
companies or large companies, it's providing services that support the business outcomes and
understanding that ultimately you want to deliver.
In business terms, it's more processing of loan requests and ﬁnancial transactions. Then, if that’s
the measure that people are looking at what the business outcomes need to be, then IT can align
with that and they become the service provider for that capability.
We've talked to a lot of customers, particularly in the ﬁnancial industry, for example, where IT
wasn’t measured in how they cut costs or how much staff they had. They were measured in
incremental improvements on how many advances could be made in delivering more business
In that example, one particular business metric was, "We can process more loans in a day, when
necessary." The way they achieved that was by re-architecting things in a more cloud or service-
centric way, wherein they could essentially ramp up, on what they called a private cloud, the
ability to process things much more quickly.
Now, many in IT realize -- perhaps not enough, but we're seeing the change -- that they need to
make this towards the service oriented architecture (SOA) approach and delivery, such that they
are becoming experts in brokering the right solution to deliver the most signiﬁcant business
The source of those services is less about how much hardware and software you need to buy and
integrate and all that sort of thing, and more about the most economical and secure way that they
can deliver the majority of desired outcomes. You don’t just want to build one service to provide
a capability. You want to build an environment and an architecture that achieves the bulk of the
desired outcomes. Does that make sense?
Gardner: Sure. Dave Linthicum, we talked about agility, let’s see if we can unpack that a little
bit and get a little bit more detail. That’s kind of a general umbrella topic or a moniker.
When we think about business process, if you're focused at the business process level, and I
think that’s what Archie was alluding to, rather than the supporting infrastructure or the
applications, if we start composing business processes from services, rather than discrete
applications, it seems to me we gain an opportunity to be responsive. That is to say, a business
process can be examined and then perhaps some data analysis can be applied. Then, we can ask
how do we do that better.
Does cloud computing allow us to then adjust a business process or even come up with
innovations built upon existing processes in ways that traditional IT simply can’t or just can’t
within the necessary time frame?
Linthicum: Yes. The latency that people are running into in traditional IT is not really aligning
the business processes, because usually they have the ability to do that in one way or form, either
in composites or a true business process layer, which already exists. It’s the ability to stand up
the services that they need in terms of storage, compute, different things like risk analytics in the
ﬁnancial market, and how all those things basically tie together. That becomes the latency that
drives the lateness of the business process changes that need to occur within the enterprise.
Cloud computing will provide us with some additional capabilities. It's not necessarily nirvana,
but you can get at compute and you can get at even some of these pretty big services. For
example, the Predictive API that Google just announced at Google I/O last week is an amazing
piece of data-mining stuff that you can get for free, for now.
The ability to tie that into your existing processes and perhaps make some predictions in terms of
inventory control things, means you could save potentially a million dollars a month, supporting
just-in-time inventory processes within your enterprise. Those sorts of things really need to come
into the mix in order to provide the additional value.
Sometimes we can drive processes out of the cloud, but I think processes are really going to be
driven on-prem and they are going to include cloud resources. The ability to onboard those cloud
resources is needed to support the changes in the processes and is really going to be the value of
That the area that’s probably the most exciting thing. I just came back from Gluecon this week in
Denver. That is, in a sense, a cloud developers’ conference, and they're all talking about
application programming interfaces (APIs) and building the next infrastructure.
When those things come online, become available, and we don’t have to build those things in-
house, we can actually leverage them into a "pay per drink" basis through some kind of provider,
buying those into our processes. We'll perhaps have thousands of APIs that exist all over the
place, and perhaps even not even local data within these APIs.
They just produce behavior, and we bring them together to form these core business processes.
More importantly, we bring them together to recreate these core business processes around new
needs of the business. That’s where the value of cloud computing is going to appear, and we
haven’t seen anything yet. There are huge amounts of value being built right now.
Reed: It's the same for me. I was also at Gluecon this week, and there were several threads going
on. Certainly the API thread was fascinating in terms of the sheer number of APIs that were
being created and the various approaches being used in those things.
At the same time, one of the other tracks was on a whole set of concerns around the legal and
security risks associated with piecing all this together. As it was the developers’ conference, the
legal thread was less attended than the API thread. But, there is obvious concern about how all
these things piece together, how we put the controls in place, and where we get those services
I deﬁnitely agree with Dave that some of the core processes, especially for larger and more
security-sensitive organizations that consider their core IT to be their business processes, are
going to be maintained internal to the organization. Some may be willing to put them out, but in
majority of cases, we ﬁnd people want to retain the IT internally.
But being able to reach out through those APIs in a safe and secure way, controlled way, to get
data, analysis, and capabilities from within the cloud is deﬁnitely where we are headed. That
Google analytics stuff is one example.
Internal or external
We've already seen in terms of analysis tools, the GIS stuff, geographical information, where
people are just putting maps up and overlaying stuff. The data may be internal to them, but the
capability of drawing a map and getting the geographical data comes from outside, and that’s
created incredible types of what we call mashups, such that we expect and have seen in some
Businesses are now doing their own mashups and they only get there by understanding how all
these APIs, these security tenants, these legal requirements, come together. In some cases, they're
ignoring those for expediency today, but ultimately the management of those things is going to
be key here.
Linthicum: Just a short comment on that. One of the things that was not a message that was well
received at Gluecon, being a bunch of developers, was that you need to do your stuff in the
context of a good security strategy and a good governance strategy. So, how you are going to
leverage these systems and policies and usage you put around it? That really becomes the core
problem to solve before you go off and make this happen.
I don't know if you saw my keynote presentation I did the ﬁrst day of the conference, but I went
into a lot of those things. When I talked to some of the attendees, I noticed that really wasn’t well
understood or even well received.
That’s a tad scary, because they're driving out in the market, creating and leveraging these APIs.
In many instances, they're ungoverned. They're insecure. We don’t know exactly what they're
doing, and they actually can create some vulnerabilities, which will open the risk that costs way
more than any kind of beneﬁts we're getting from cloud computing.
Gardner: Jim Reavis, let’s look into governance a bit. When companies start exploring more
business process and agility efﬁciencies around cloud, they get exposed in ways that they
wouldn’t if they were locked down inside their four walls.
But, becoming exposed, sharing data, exploring and using APIs from other parties, doesn’t this,
in a sense, force these companies to adopt better methods and policies and start thinking about
things that they probably should have been doing anyway? The question is, does cloud, by its
nature, force organizations to become better at things like governance, policies, and best
Reavis: I think it requires them to translate their governance concepts and their controls into a
new environment. It's going to take some real thinking to do that.
I was one of the three, I guess, who didn’t go to Gluecon. So, thanks Dave and Archie for not
inviting me. I guess it's because they're authors and I just read cartoons all the time, but I think
the points there are very well made.
We're going to see the market provide the SOA governance and brokering tools that allow you to
control a lot of these things and give the customer the ability to put in XAML, for example, and
create some policies that they can embed and have some brokering involved, so that when the
developers are out trying to create these mashups with a variety of different APIs, they can insert
some sort of policy governance and have that look like another SOA-type service.
Frameworks and tools
We're not trying to dictate to the developers completely how they develop these new
applications, but we are giving them some frameworks and tools that they can embed in the way
they understand things, in the way they like to do business.
I want to quickly mention, though, that we've got a huge history behind us that tells us that
internal networks are not locked down and secured. Having data on 100,000 machines, laptops,
and every place else that has no controls over it, is a pretty perilous place to be.
Now, we understand that we're moving to a new platform. Let’s do our best to control that, but
let’s try and deﬂate little bit that traditional IT is more secure than cloud. I'm really not ready to
Reed: There are a couple of points I want to make, so that we're sure we're not just hand waving
and all that. I think the incentives, the risks, and all those things change dependent on the type of
business we're looking at.
Certainly, when we talk to smaller organizations and mid-sized organizations as well, they're
looking for the edge that they can gain in terms of cost and support and, in most cases, more
security. In this case, they look for broader back-ofﬁce solutions than perhaps some of the larger
organizations, things such as email, account management, HR, and so forth, as well as front-end
stuff, basic web hosting and more advanced versions of that.
We've implemented things like Microsoft Business Productivity Online Suite (BPOS) for many
customers, especially in the mid range. They do ﬁnd better support, better up time, better cost
controls, and to Jim’s point, more security than they are able to provide for themselves.
When we get to talk to larger organizations, some are looking for this. We know, even in the
ﬁnancial industry, which you might consider to be one of the most security paranoid type
environments there are outside of the three-letter agencies, they ﬁnd that kind of thing appealing
as well. Some of those have actually gone to use Salesforce.com for some of their services.
But, they're generally more concerned with the security stuff and they often ﬁnd speciﬁc
capabilities more appealing in a service model, such as data processing, data analysis, data
retrieval, functional analysis, and things like that. The mashups are deﬁnitely more popular as a
type of model or the service-oriented nature is more popular model with larger organizations that
we talk to.
Gardner: What do you think Dave Linthicum? Is there an underappreciated value to cloud in
that, in moving to cloud models, you have to adopt the right processes around security,
governance, and other risk mitigating activities that makes you a stronger, better company
overall. That is to say, cloud is like New York -- if you can make it there, you can make it
Linthicum: Ultimately, it does require that you shore up a lot of your security and governance
processes within organizations that probably don’t do security and governance processes as well
as they think they do.
In some of the audits that I do, I often ﬁnd huge exposures in how they do the on-prem systems.
As they're moving into cloud, they push back on the security aspects of it all the time, and people
are walking off on a daily basis with laptops full of customer data, critical data, and their IT.
They just don’t understand it, because they don’t have the audits, the best practices, and the
security mechanisms around that.
Moving into cloud is going to make people think in a very healthy, paranoid state. In other
words, they are going to think twice about what information goes out there, how that information
is secured and modeled, what APIs they are leveraging, and service level agreements (SLAs).
They're going to consider encryption and identity management systems that they haven’t done in
In most of the instances that I am seeing deploying cloud computing systems, they are as secure,
if not more secure, than the existing on-premise systems. I would trust those cloud computing
systems more than I would the existing on-premise systems.
That comes with some work, some discipline, some governance, some security, and a lot of
things that we just haven’t thought about a lot, or haven’t thought about enough with the
traditional on-premise systems. So, that’s going to be a side beneﬁt. In two years, we're going to
have better security and better understanding of security because of cloud.
Gardner: So, as we're now looking for even more beneﬁts, paybacks, and improvements to your
overall business by being a cloud adopter, how about at the competitive level? It seems to me
that there are beneﬁts to ﬁrst movers.
It's been established by some of the best management consultants and business schools in the
world that being the ﬁrst to a market gives you very powerful beneﬁts. Does cloud offer the
opportunity for those who are willing to do the work and be aggressive and innovative an
opportunity to enter markets in new ways?
One example is Apple computer. Apple has been aggressive. They don’t talk about cloud, but
when you look at MobileMe, iTunes downloads, and the App Store, these to me are cloud-based
services that have allowed Apple to grow mightily in the past few years, not just based on their
devices, but based on their use of cloud.
So, there’s a ﬁrst mover. Do you all agree -- and we will go around the panel -- that there’s a
competitive beneﬁt, at least for the foreseeable future, in your own markets, as enterprises have
exploited cloud as a competitive cudgel. How about that, Archie?
Reed: In terms of ﬁrst mover, late to market, or fast follower, there’s always a potential risk and
beneﬁt to any of those things. I agree that perhaps Apple has beneﬁted, but I wouldn’t call them
ﬁrst movers in this space. I would say that they have been fast followers.
By that, I mean that even if you look at iTunes or the iPod itself, those things came after existing
services already were in place. What they were able to do, if we take that as an example, was tie
those together into an ecosystem that basically created their momentum to move forward.
Scaling really fast
The reality is not that the advantage is being able to be the ﬁrst mover in cloud computing, but
the fact that cloud allows you to scale and go big really fast. It allows you to sit in the fast-
follower position and gain just as much as any ﬁrst mover, because the gap between seeing a
business opportunity and being able to deliver on that requirement or business opportunity is so
much less than what it was previously.
You don’t have to ramp up huge amounts of services that take months. You can scale up in a
matter of hours or days. As long as the wave isn’t so huge, and it rarely ever is, you can always
get into that market space using this type of model.
Gardner: I'd like to pick up on one of the points you made about being able to establish an
ecosystem. If you're exploiting cloud effectively, does that give you an advantage in how you can
carve out an ecosystem, become a hub, and therefore be in a very proﬁtable position within that
Reed: I'll take a quick stab at that. I think there's going to be a window for a number of years
where that is the case. There will be businesses that are willing and able and can manage cloud
type environments to their beneﬁt. But, eventually, the gaps become so small and the availability
of these services online becomes so ubiquitous that I'm not sure how long this window goes for.
I don’t want to say that, in a few years, everybody will be able to deliver the same thing just as
quickly. But for the moment, I think there’s a few forward thinking organizations that will be
able to achieve that to great success.
Gardner: Jim Reavis, same to you. What about the competitive beneﬁts that businesses should
consider when evaluating cloud in terms of that cost beneﬁt analysis?
Reavis: Businesses are so dependent on technology now and into the future, and we always try
to stay innovative and competitive. If you just look at this from a developer standpoint, you don’t
see a lot of new applications for the Commodore 64 anymore.
The organizations that are developing what they think is state of the art, but it’s not cloud, are
going to be struggling, because all of the neat, interesting new developments. It’s hard to even
put your head around all of implications of compute as a utility and all the innovation we are
going to see, but we know it’s going to be on that platform.
If you think of this as the new development platform, then yeah, it’s going to be a real
competitive issue. There’s going to be a lot of new capabilities that will only be accessible in this
platform, and they're going to come a lot quicker.
Five years from now
So, in terms of the ﬁrst movers and the environment now, it’s going to look very different.
Anybody who carved out some space right now and some lead in the market in cloud shouldn't
feel too comfortable about their position, because there are companies we don't even know about
at this point, that are going to be fairly pervasive and have a lot to say about IT ﬁve years from
Reed: I just want to make a point there, Jim. You can actually get a Commodore 64 emulator for
the iPhone. So, there may be some new stuff coming up. I'm not sure, but it is possible.
Gardner: Yeah, there is the long tail in reverse. It’s backwards-compatibility from the cloud.
Dave Linthicum, same question to you, the competitive beneﬁts of being aggressive in cloud
computing at some of the highest business issue levels.
Linthicum: We already talked about the business agility aspect of it, but ultimately, even as
these younger companies who are leveraging more cloud than a lot of the older companies out
there start to grow up, they are going to ﬁnd that their IT CAPEX costs are, in many instances,
They are going to have some on-premise systems, but they are used to putting things in the
cloud. They are Salesforce.com adopters early on. They're using Amazon now. They've ﬁgured
out security and governance and ultimately they are going to have these very agile business
systems that are able to run rings around their competition.
I don’t think we're going to see this anytime soon, but I deﬁnitely think that by 2015 or 2016,
you're going to see some businesses suffering from IT bloat. They're very static, monolithic
systems, very difﬁcult to change, and very fragile. Some of the things we always talk about
around enterprise architecture are going to kill the company, because they can’t do the
acquisitions and they can’t move into market spaces.
By the way, their new competitors that came out of nowhere get cloud computing because
they've used it from the get-go. They're going to be able to leverage that as the strategic value
that’s going to allow them to dominate the market. We're seeing some of this today in some of
the smaller spaces, but it’s not very pronounced.
But, it’s going to be very pronounced to the point that business journals are going to talk about it,
and a lot of companies are going to go out, because some of the folks are able to leverage
technology for strategic IT advantage to beat them into the ground. Look at Wal-Mart. They
leveraged IT for a huge strategic advantage to beat their competitors into the ground to lower
their prices. We're going to see that a hundred times over in ﬁve years.
Reed: I'd agree. I can give you an example, Dana. I spoke to a very small group of individuals,
fewer than 50. They're designers and architects, and they've come together to form this company.
Their claim was that they didn’t need any IT anywhere, because they were using cloud services
Even the provisioning system, the controls about who had access to what, was all done in the
cloud. All they needed was their big old Macs, the 27-inch Macs, and their huge HP screens. As
long as they could get online, they were in business.
This small company's claim, when I was talking to them, was that they had just beaten out the
largest established architectural ﬁrm in Ireland for a bid in Dublin. They had done that by being
able to work round the clock, online, at all times, and deliver it to the customer in a much shorter
time than anyone else was able to. They did it all through cloud services.
So, it’s quite compelling to see small businesses compete with the larger businesses, and unless
big businesses understand what’s going on, we're going to see a few start to lose business in this
Gardner: Well, I'm afraid we'll have to leave it there. Sufﬁce it to say that we've clearly
identiﬁed in the market, over the past several years, some signiﬁcant hurdles and risks to cloud
computing. But, some of these beneﬁts also sound extremely compelling and almost not an
option, when you consider the competitive issues. That cost-beneﬁt analysis can easily come
down on the side of a must-do, even if the risks are substantial.
We've been talking about identifying some of the top reasons and paybacks for adopting cloud
computing and why you should perhaps do those sooner rather than later.
I want to thank our panel. We've been joined by Archie Reed, HP’s Chief Technologist for Cloud
Security and the author of several publications including "The Deﬁnitive Guide to Identity
Management" and "The Concise Guide to Cloud Computing." Thank you so much, Archie.
Reed: Thank you.
Gardner: We've also been joined by Jim Reavis, executive director, Cloud Security Alliance and
president of Reavis Consulting Group. Thank you Jim.
Reavis: Thanks, Dana.
Gardner: Lastly, I also want to thank Dave Linthicum, CTO of Bick Group and a proliﬁc cloud
blogger, podcaster, and you said that you did your 100th cloud podcast recently Dave?
Linthicum: Just ﬁled a 100th podcast, after two years.
Gardner: Congratulations. And also the author of several notable books. Thanks to you.
This is Dana Gardner, Principal Analyst at Interarbor Solutions. You've been listening to a
sponsored BrieﬁngsDirect podcast. Thanks for listening and come back next time.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor:
Transcript of a BrieﬁngsDirect podcast on how moving to the cloud can lead enterprises to
examine and improve current policies. Copyright Interarbor Solutions, LLC, 2005-2009. All
You may also be interested in:
• Converged Infrastructure Approach Paves Way for Improved Data Center Productivity
• HP's Cloud Assure for Cost Control Takes Elastic Capacity Planning to Next Level
• Cloud Computing by Industry: Novel Ways to Collaborate Via Extended Business