Zimory White Paper: The Cloud's Slow European Take-off


Published on

The term “Cloud” is being increasingly used and analyzed in the IT market. Cloud Services are synonymous with innovative features that clearly differ from the traditional utility computing. Clouds are by definition flexible, dynamic, scalable and heterogeneous, with three defined categories: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). These qualities have proved to be very positive for IT engineering and businesses.
Nevertheless, and because of its novelty, technical and business evolution, the Cloud Computing market presents a certain number of obstacles for companies interested in moving to the Cloud, especially in the early stages.
Decision makers face a sizable considerable number of challenges when considering moving to the Cloud, especially with regards to the following obstacles:
- Pricing policies
- Neutral market place
- Technical standardization
- Lock-in policies
- Data protection and security policies
- Cloud security testing

This paper analyzes these challenges, offering factual, theoretical and practical reasons for the slow take-off of the Cloud Computing market. It also analyzes possible instances to overcome these difficulties, describing Zimory's position and practical solutions to address these market obstacles.

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Zimory White Paper: The Cloud's Slow European Take-off

  1. 1. CLOUD COMPUTING MARKET: Understanding its Slow Take-Off in Europe White Paper, May 2013
  2. 2. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 1 TABLE OF CONTENTS Abstract...................................................................................................... 2 Introduction and Problem Description........................................................ 2 Cloud Computing Market Situation ............................................................ 3 IaaS vs. PaaS vs. SaaS: Differences in Market Perspectives....................................... 3 Public vs. Private… and Hybrid Models......................................................................... 5 Reasons for Slow Take Off of the Cloud Computing Market..................... 6 1. General Market Confusion......................................................................................... 7 2. Differences in Pricing Policies.................................................................................... 8 3. Absence of Neutral market place............................................................................... 9 4. Lack of Technical Standardization........................................................................... 10 5. Lock-in Policy of Larger Vendors............................................................................. 11 6. Fears regarding Data Protection and Legal Frameworks........................................ 12 European Union Mandate on Data Protection vs. U.S. Patriot Act ........................ 13 Differences between European Legal Frameworks................................................ 14 7. Inability to Test Cloud Services before Buying ........................................................ 15 Overcoming Slow Take Off: Benefits of Adopting Cloud Services .......... 16 Successful Cloud deployments of IaaS ...................................................................... 16 Zimory and Successful IaaS Deployments ................................................................. 17 IaaS Cloud Brokerage model....................................................................................... 18 Management of Connection Certificates................................................................. 20 Open Cloud Solution.................................................................................................... 21 Zimory Open Cloud Solution................................................................................... 21 Contact Information.................................................................................. 23
  3. 3. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 2 ABSTRACT This document analyses various causes for the slow take-off of the Cloud Computing market in general, based on recent research and published articles. Proposals to overcome the slow take-off of the market are also enumerated in the following white paper, with particular emphasis on Infrastructure-as-a-Service. Keywords: Cloud Computing Market, Cloud Services, Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Public Clouds, Private, Clouds, Hybrid Clouds, Security Policies. INTRODUCTION AND PROBLEM DESCRIPTION The term “Cloud” is being increasingly used and analyzed in the IT market. Cloud Services are synonymous with innovative features that clearly differ from the traditional utility computing. Clouds are by definition flexible, dynamic, scalable and heterogeneous, with three defined categories: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). These qualities have proved to be very positive for IT engineering and businesses. Nevertheless, and because of its novelty, technical and business evolution, the Cloud Computing market presents a certain number of obstacles for companies interested in moving to the Cloud, especially in the early stages. Decision makers face a sizable considerable number of challenges when considering moving to the Cloud, especially with regards to the following obstacles:  Pricing policies  Neutral market place  Technical standardization  Lock-in policies  Data protection and security policies  Cloud security testing This paper analyzes these challenges, offering factual, theoretical and practical reasons for the slow take-off of the Cloud Computing market. It also analyzes possible instances to overcome these difficulties, describing Zimory's position and practical solutions to address these market obstacles.
  4. 4. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 3 CLOUD COMPUTING MARKET SITUATION The following section compares Cloud Services and models from various market parameters. This comparison will be the basis for analyzing reasons of the slow take-off of the Cloud Computing market in Europe. IAAS VS. PAAS VS. SAAS: DIFFERENCES IN MARKET PERSPECTIVES The Cloud Computing market is categorized into three service types. The following table, based on a study by Jeff Caruso for Network World 1 , compares the differences between these categories regarding market dynamics. Speed of Adoption IaaS: Small and mid-size companies are adopting Cloud Services more easily and with more enthusiasm than large companies, who are a bit more reluctant and still in a “test phase”. PaaS: Somewhere between SaaS and IaaS. Being developer-oriented, speed of adoption for this specific target audience is predicted to rise in the short-term. SaaS: Might be considered as the most abstract option of the three Cloud Service categories, which lately has obstructed speed of adoption in the market. Highest percentage of usage in the market. May actually become so overused that will lose its “Cloud quality”. Customer/User IaaS: Customers maintain control of their software environment. No equipment. IaaS vendors provide VMs. PaaS: Developers build applications and use provided APIs and tools to hook them into the provider's environment and run them there. SaaS: Customers control very little of what happens inside the Cloud. 1 Network World, Inc. IaaS vs. PaaS vs. SaaS. Jeff Caruso. November, 2011. http://www.networkworld.com/news/2011/102511-tech-argument-iaas-paas-saas-252357.html. Consulted on: 1st June 2012.
  5. 5. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 4 Management of software environment IaaS: Virtualization enters and plays a crucial role in customers' software environment management PaaS: Interaction between developer and provider environments SaaS: Hold and manage control of the environment used by customers. Providers IaaS: There are many 'IaaS' providers that do not offer true Cloud IaaS. Providers make efforts to avoid customers from lock in. PaaS: Developers tools to create applications to the platform. Manage the hooking and running of these applications on their own environment. SaaS: Providers make most important resource decisions. Service Principles IaaS: Openness, portability, ability to get easily out of the Cloud. PaaS: Targeting a very specific market. Not a finished and concrete product compared to the other two Cloud Service categories SaaS: Reduction of costs sacrificing customer control. The list clearly shows that in speed of adoption, qualities such as customer control, openness, portability and virtualization are the basis for IaaS increasing adoption rates. In addition to, and regardless of the usage facilities and evident “popularity”, SaaS, by comparison, continues to be more abstract, mainly because its many different layers have yet to be explicitly defined, at least from a customer point of view. Finally, PaaS is the middle-ground between facility without customer control of SaaS on one hand, and complexity and broadness with customer management of IaaS on the other. Nevertheless, Louis Columbus in Predicting Cloud Computing Adoption Rates 2 , presents data of SaaS as leading indicator regarding Cloud adoption rates. Columbus quotes a Forrester survey affirming that SaaS will present the highest Cloud adoption rate, growing up to 50% in 2012. SaaS “popularity” and growth affect positively IaaS and PaaS adoption rates as well, effectively clearing doubts and confusions about Cloud Services. 2 A Passion for Research Blog. Predicting Cloud Adoption Rates. Louis Columbus. July, 2011.
  6. 6. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 5 PUBLIC VS. PRIVATE… AND HYBRID MODELS It is often a confusing task for customers to clearly identify which Cloud Service model is best suited to their needs. The increasing availability of choices such as dedicated equipment and isolation tends to blur differences between Cloud Service models. Articles such as Private Cloud vs. Public Cloud vs. Hybrid Cloud 10 and Gartner's Evaluating Infrastructure as a Service 3 review the technical considerations when choosing a Cloud model, these include:  Applications and data to be moved to the Cloud.  Applicable regulations and legal frameworks to the company and the provider.  Geographic locations of the company and the provider.  Required Service Levels and Service Level Agreements to be established with providers.  Usage patterns for workloads.  Integration implications between applications and enterprise functions. The following List 4 illustrates the most important differences between Cloud models, in relation to the target market and usage parameters: Target Companies Public Clouds: Better adapted for companies that need to move their data dynamically without having to comply with strong regulations for business. Private Clouds: Better adapted for companies that need to comply with strong security regulations (e.g. pharmaceutical, medical, governmental). SaaS:  A composition of at least two or more Clouds (private, community or public) offering the benefits of multiple deployment models.  The customer provides and manages some resources in-house and has others provided externally  Gartner predicts it to be the most commonly used Cloud model.  It requires both on-premises resources and off-site server based Cloud infrastructure. 3 Gartner, Inc. Evaluating Cloud Infrastructure as a Service. Lydia Leong . March, 2011. 4 Based on: Gartner, Inc. Design your Private Cloud with Hybrid in mind. Thomas J. Bittman. February, 2012.
  7. 7. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 6 Responsibility Public Clouds: Providers have the biggest responsibility regarding control and management of resources and data. Private Clouds: Customers/ end users are responsible for directly controlling and managing data. Providers also participate in management if required. Number of Users Public Clouds: Any number of users. Private Clouds: Single user/ entity (a company, for example) Implementation Public Clouds: Shared implementations. Private Clouds: Unshared implementations. Provider Public Clouds: External Service provider. Private Clouds: On premises or off-premises. The choice of Cloud model will depend on customer needs and the reasons for Cloud adoption. REASONS FOR SLOW TAKE OFF OF THE CLOUD COMPUTING MARKET The following section outlines both theoretical and practical approaches for Cloud adoption in order to understand the slow take-off of the Cloud Computing market. The causes analyzed include: 1. General market confusion. 2. Differences in pricing policies. 3. Absence of neutral market place. 4. Lack of technical standardization. 5. Lock-in policy of larger providers and vendors. 6. Inability to test Cloud Services before buying. 7. Fears regarding data protection.
  8. 8. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 7 1. GENERAL MARKET CONFUSION The continual evolution of the Cloud Computing Services and market is more than evident for the IT world. While evolution implies many positive changes and adaptations, it also carries a certain confusion and uncertainty, and the Cloud Computing market certainly reflects this definition. The complexity and the broadness of the market can lead customers to have a blurred outlook on the market and consequently by making uninformed decisions, it can take them away from the expected results. There are still important doubts about basic differences between Cloud solutions, data protection, testing and pricing policies. Evidently, Cloud Computing is today more than a trending topic in all media, regardless of the target audience. Many Cloud Computing providers have taken advantage of this popularity to create what has been defined as a “Cloudwashing” 5 strategy, categorizing their offerings with the “Cloud” quality, even if they are not truly Cloud Computing Services. The “Cloud-washing” phenomenon and the complexity among other reasons leave customers with doubts and apprehension when facing the decision of Cloud adoption. The National Institute of Standards and Technology (NIST) of the United States Department of Commerce created a Cloud Computing Roadmap stating that “a neutral common understanding and model is needed by customers in order to clearly and consistently understand how Cloud Services compare (i.e., apples to apples.)” 6 Cloud Computing solutions available in the market are multiple and diverse, which is a great advantage for adaptability and flexibility. They add, however, complexity to the Cloud adoption decision making. Customers need to better understand their organizational needs in order to find the right Cloud solution. Furthermore, since this is an evolving market, much effort and research is yet to be done to achieve technical and market standardization and neutrality. Providers are obliged to focus their efforts on accurately documenting information about their Cloud Computing services, and making this documentation more accessible to the market. In the European, and more specifically in the German market, an important percentage of the available information focuses mainly on the potential risks of Cloud adoption, which is obviously a positive aspect of Cloud Services documentation. It is fundamental, however, to also generate documentation regarding the evident and enormous saving potentials of Cloud adoption, such as improved time management, avoidance of financial damages, as well as environmental issues. Exhaustive documentation of both risks and the many benefits of Cloud Services will allow clients to make a completely informed decision about Cloud adoption, and will contribute to a 5 Gartner, Inc. Pricing and Buyer's Guide for Web Hosting and Cloud Infrastructure, 2012. Lydia Leong. March, 2012 6 National Institute of Standards and Technology (NIST)-United States Department of Commerce. US Government Cloud Computing Technology Roadmap Volume I Release 1.0. Lee Badger, David Bernstein, obert Bohn, Frederic de Vaulx, Mike Hogan, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred Whiteside and Dawn Leaf . November 2011.
  9. 9. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 8 positive evolution of the Cloud Computing market, especially in early stages, eliminating the current general confusion. 2. DIFFERENCES IN PRICING POLICIES Differences in pricing policies is one reason for the slow take-off and confusion in the Cloud Computing market. There are often traditional, conservative and inflexible pricing policies that go against the basic Cloud principles of adaptability, flexibility and scalability. Customers that make an uninformed Cloud adoption decision, choose the “cheapest” or “simplest” offer in the market, without even analyzing whether or not it suits their long term needs. Bad decisions obviously lead to great frustrations, constituting a bad precedent for the Cloud Computing market in general. According to Gartner's Pricing and Buyer's Guide for Web Hosting and Cloud Infrastructure, most pricing models include everything, with an “all in” policy. However, some providers can for example, supply itemize pricing, making customers pay for resources separately from management costs. Prices also vary enormously depending on the capacity of VM storage, and RAM as well as CPU speed and network bandwidth. The compute capacity is a variable that is yet to be clearly defined among providers. All of these ambiguities leave no doubt: Customers must choose providers with clear product technical specifications of their services and solutions. All of these requirements will guarantee an informed Cloud adoption decision and consequently customer satisfaction. NIST's Cloud Computing Roadmap states that the Cloud Computing industry needs to clearly and consistently categorize Cloud Computing services regarding interoperability and portability guidance and technology. According to a 451 Group research regarding the State of European Cloud Provider Market, “few providers offer a true pay-as-you-go service.” 7 Many customers see the pay-as-you-use service as one of the most attractive qualities when considering moving to the Cloud. However, they should look for Cloud Service providers that offer clear standards for the pay-as-you-go service. The 451 research also states that there is a “large variance in what service providers will document as a performance standard and/or commit to under a Service Level Agreement. Whether comparing IaaS, PaaS or SaaS, the level of technical commitments offered or SLAs provided can vary considerably from one provider to the next.” 7 Cloud Service providers are obliged to establish clear and public SLAs based on different qualities and levels of service, as a basic condition in order to create a neutral contract. 7 The 451 Research: Hosting. State of the European Cloud Provider Market. February 2012.
  10. 10. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 9 3. ABSENCE OF NEUTRAL MARKET PLACE The arrival and evolution of Cloud Computing has been revolutionary, especially with regards to competition in the marketplace. There is no doubt that Cloud Computing represents an enormous milestone for IT engineering. There are, however, many elements to be improved in the Cloud Computing evolution process in order for it to continue to be as positive as it has been so far. One of these elements is the absence of a neutral marketplace and the consequent appearance of market monopolies. The Journal of Issues in Informing Science and Information Technology in the article “Should the Cloud be Regulated?” 8 addresses this problem stating that the “massive move to the Cloud and the promise of reduction of costs through the economies of scale raise the problem of the creation of monopolies.” Sources for these monopolies are listed as being the following:  Resource scarcity: great difference of resources between big companies and SMEs.  High entry barriers: related to evident economies of scale. Big companies, obviously being a clear market minority, make great investments in resources and infrastructure, leaving smaller market players handicapped.  Control of the platform for Cloud Computing construction: Complete management of access and control. Clearly, the rise of market monopolies in Cloud Computing directly leads to the reduction of Cloud Service providers, which is counterproductive to the markets positive evolution and growth. It would also leave customers with fewer choices to suit their needs. “Net Neutrality” defenders claim that a larger companies' main objective is to establish a market monopoly of Cloud Computing services. “Hence, it is said, direct controls are necessary to ensure satisfactory performance: Control over profits, specific rates, quality of service, extensions and abandonments of service and plant, even permission whether to enter the business at all.”8 The market requires clear, standard and neutral regulations to guard and balance its openness, where all market players are treated as equals, in order to ensure provider diversity and the positive technical and market innovation of Cloud Computing services. 8 The Journal of Issues in Informing Science and Information Technology. Volume 8. Should the Cloud be Regulated? Abbas Strømmen-Bakhtiar , Amir R. Razavi . 2011.
  11. 11. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 10 4. LACK OF TECHNICAL STANDARDIZATION Cloud Computing is a relatively new market for IT engineering and IT businesses. At this point, it is impossible to generalize about providers' implementation and quality approaches. Since the Cloud Computing market continues to evolve, there is an evident gap regarding best-practice policies and the establishment of technical standards. This lack of standards slows the take-off of the market as it leads to customer apprehensions and insecurities when considering Cloud adoption. The powerful market leaders that embrace quality and adaptability are yet to be established. Those who manage to offer solutions with transparent technical standards, interoperability and compatibility seem to win the battle in the long-term over the big historical names in the IT market. Customers' interest and knowledge in Cloud Computing is clearly increasing and will lead them to demand for more technical compatibility and interoperability, as well as for well-defined technical standards. Clear technical specifications will be the basis for establishing Service Level Agreements (SLAs). SLAs are the core of a fair relationship and contract between Cloud Computing customers and providers. NIST's analysis of the Cloud Computing Roadmap states that the Cloud Computing industry needs to “develop and adopt consistent technical specifications, of high quality and completeness, to enable the creation and practical evaluation of SLAs between customers and Cloud providers (interoperability, portability, and security guidance and technology)” 8 . Otherwise, Cloud Computing market difficulties in the early stages will remain or even increase while customers are unable to objectively compare between providers' offerings. NIST analysis found that comparison variables are still blurry and differ considerably regarding the following aspects:  Agreement terms.  Technology basis and performance: Supported hypervisors, functional specifications, network interfaces, scalability, dynamic elastic allocation of resources, tenant isolation, customer and support services, etc.  Time measurements.  Guarantee and data security policies. These are basic elements for the establishment of any secure and fair contract between two parties, especially in the IT business. Finally, the NIST strongly recommends providers to establish clear, standard and consistent categories of Cloud Services in order to develop an architectural reference where category and technological interoperability and portability must take place. Clear game rules will provide the market with the reliability and security needed for it to have a more fluent take-off and development, promoting a safe and sane environment for investment in technological and business innovations.
  12. 12. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 11 5. LOCK-IN POLICY OF LARGER VENDORS The rise of Cloud Computing services seems to put the long discussed issue of vendor lock-in back on the table. The presence of lock-in policies is closely related to the absence of a neutral marketplace, since large vendors are interested and even invest in creating a certain customer “dependency” on their product environment, which leads to a closed market monopoly. This is opposite to the Cloud principles of interoperability and compatibility. Some of the large Cloud Services vendors tend to use this “customer dependency” as a selling strategy, making their products inoperable and incompatible with products from competing businesses, which obliges customers to rely on them for product maintainability and update. Vendor lock-in policies certainly go against the most basic Cloud principles: To buy or install a web-based service, with no physical software or hardware to be to maintained and upgraded strictly by the vendor who will obviously charge customers for these services as well. On the other hand, Cloud SMEs, such as Zimory, are making great efforts to fight against lock-in policies that benefit only a few. If customers are to truly achieve their Cloud goals, they need to consider moving away from this economic and technical monopoly of the big market names. These efforts are demonstrated by Zimory with products that offer high- quality, flexible service capability while still increasing efficiency. The software maintains openness and independence, connecting various virtualization technologies into one Cloud, and allowing flexible movement between private and public Clouds. Diversity and interoperability allows market players to invest in relevant innovations rather than in maintaining or updating systems.
  13. 13. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 12 6. FEARS REGARDING DATA PROTECTION AND LEGAL FRAMEWORKS Cloud adoption implies data interaction between customers and Cloud Service providers. These functional and operational characteristics of Cloud Services put data protection and security issues as one of the priorities to be analyzed when considering Cloud adoption. Even though sources such as Network World state that “security issues have dropped in importance” 9 comparing the market situation to a few years ago (an evidence of the positive evolution of customers' confidence in Cloud Services advantages), data protection and security issues are still one of the most important concerns preventing some customers from Cloud, and it is a subject matter that implies many perspectives. Cloud solutions imply dynamic interactions, which, from the customer's point of view, might seem difficult to control with conventional IT security standards. Cloud Computing security is in reality not isolated from the standard IT security, data protection policies and regulations. Nevertheless, the architectural design, potential scaling, reliance on networking, multi-tenancy and shared resource qualities of the Cloud Computing service architecture lead to the necessity of reviewing current security control policies. This re- examination of current policies would provide the market with reliability and transparency for a more fluent market start. As affirmed in the NIST Cloud Computing Roadmap, “security concerns need to be documented, understood, and addressed to a degree that security in a Cloud is clearly understood and managed.” 6 Customers need to be assured by Cloud Service providers with clear and consistent information regarding data security policies and regulations in order to facilitate the mainstream adoption of Cloud Services. Gartner 10 recommends that decision makers should analyze data protection and security implications before moving to the Cloud, by considering the following:  Regulations of the country where the data is stored, where the company is located and where the Cloud Service provider is located.  Awareness of who controls and regulates data. Customers using services of a US company are exposed to the Patriot Act, for example. Specific regulations such as the US Patriot Act are outlined below.  Transparency as a work principle should form a basis for Cloud Computing companies and customers. Players in the Cloud Computing market must be aware of the applicable regulation to their business. Cloud Service vendors must make security issues as one of the fundamental elements, if not the most important, to be documented and explained to customers before moving to the Cloud. 9 Network World, Inc. Private Cloud vs. public Cloud vs. hybrid Cloud. Nancy Gohring. November, 2011. http://www.networkworld.com/news/2011/102411-tech-argument-private-public-hybrid- Cloud- 252337.html?page=1. Consulted on: 1st June 2012. 10 Gartner, Inc. Predicts 2012: Cloud Computing Is Becoming a Reality. David Mitchell Smith, Yefim V. Natis, Gregor Petri, Thomas J. Bittman, Eric Knipp, Paolo Malinverno, Joseph Feiman Lydia Leong . December, 2011.
  14. 14. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 13 In order to provide a more concrete outlook of regulations impacting the Cloud Computing market, the following table 11 has been presented to describe the US Patriot Act and the European Mandate on Data Protection, which will form the basis of an analyzed comparison opposing these two legal frameworks: EUROPEAN MANDATE ON DATA PROTECTION US PATRIOT ACT Defined legal framework with criminal sanction for anyone breaking the EU data protection regulations. Submission of US companies and their foreign affiliates to be submitted to US regulations, regardless of their location. Prohibition to access or share EU citizens' personal data. Possibility of accessing personal data if companies or individuals are suspected to have terrorist implications Required notification of data release (or sharing with third parties). Direct prohibition of sharing data controlled by US companies with third- parties European Union Mandate on Data Protection vs. U.S. Patriot Act When comparing these two laws, it becomes evident that security is an issue to be handled with extreme care with both customers and providers. Both of them need to be fully aware of applicable regulation to their businesses. These regulations have proven to be contradictory to each other. This is an obstacle for the Cloud Computing market to progress and evolve, with complexity that affects both Cloud adoption decisions and Cloud usage. At first, American regulations appeared to be more flexible than European laws, mainly because of the multiplicity of countries and cultural differences; until the appearance of the U.S. Patriot Act. This law complicates in general all market dynamics and interactions, especially those pertaining to data protection and security. It is a law with many blurry regulations, which still causes significant controversy about its implications for business and even personal privacy. The U.S. Patriot Act is also in direct contradiction to the European Union Data Protection mandate because it obliges, for example, American companies managing data in Europe to comply with both European and American regulations. European laws strictly protect access or sharing of European citizens' personal data, precisely demanding notification when this data is shared with third-parties. On the other hand, as stated in the article: 11 Based on: © Informa. Can European Firms Use U.S. Clouds to Store Data? January, 2012. http://informa1.ie/newsstory/Can_European_Firms_Legally_Use_U.S._ Clouds_To_Store_Data. Consulted on 31th May 2012.
  15. 15. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 14 Can European Firms Use U.S. Clouds to Store Data?, “the U.S. Patriot Act requires U.S. Companies (and their foreign subsidiaries) to comply with U.S. Government data requests regardless of location, provided that data is under the control of a U.S. Company (…) such data sharing is not allowed to be revealed to a third party.” 11 Evidently, this conflicts with the European mandates strict demands of data sharing notification. Confusion and ignorance that result from these contradictions turn fear about data protection and legal frameworks into an argument for not moving into the Cloud. However, it is important to note that this is not a problem limited to the Cloud Computing market, but also to traditional data centers. Differences between European Legal Frameworks European boarders were never an obstacle for business dynamics and interaction. However, as described in this paper, the apparent market confusion in the evolving Cloud Computing market could be one of the reasons for the slow market adoption. In Predicts 2012: Cloud Computing Is Becoming a Reality; Gartner affirms that European diversity “will make Cloud adoption considerably slower. How slow will depend on how strict national regulation and data privacy issues are in a specific country, and how pressing the business requirement of reaping the benefits of Cloud Computing will be” 10 Gartner also acknowledges Europe's IT literacy and maturity, qualities that will support the Cloud adoption process in the European market. An article published by the New York Times explains the implications of a panel, known as the Article 29 Working Party, providing recommendations on Cloud Service regulations. Recommendations will be published in a report that will also emphasize advantages of Cloud adoption to, among other goals, support IT market innovation and efficiency. Recommendations are hoped to support also Cloud Service providers to “improve their image” in Europe by clarifying confusions and reducing fear about data security and protection, which will all result in encouraging Cloud adoption. Article 29 Working Party's recommendations for Cloud Service providers might include:  Informing clients exactly where their data is being physically stored at any time.  Deleting all personal data in Cloud computing centers when retaining the data is no longer necessary.  Disclosing to clients the subcontractors they plan to use to process data. Although these recommendations are obviously not mandatory, they are likely to become a clear guidance for the 27 countries of the European Union, which will considerably reduce the existing gap between the American and the European Cloud Computing markets. On the other hand, in a 451 Group analysis it is stated that European companies are “taking a practical approach when it comes to data. It’s widely acknowledged that enterprises in Europe want to keep their data in the country and ideally close to the organization.” 7 A simple answer can be the departure point of finding a solution to
  16. 16. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 15 contradictory and unclear regulations. Zimory responds to this practical approach since its enterprise-grade technology provides secure data and application processing in Clouds, keeping the data in the country. The Zimory Cloud Suite matches the levels of security, quality, reliability, availability and continuity found in their internal data centers. 7. INABILITY TO TEST CLOUD SERVICES BEFORE BUYING For customers, being able to test products for themselves before buying is an important requirement. It is especially important for customers to perform security testing on Cloud Services, since Clouds might be a sensible target for hackers. However, conditions and conventions are still unavailable for customers to test Cloud Services for themselves before moving to the Cloud. Vendors rely on third-party and independent testing entities to verify the well-functioning and packaging of their products. On the other hand, Gartner points out that Clouds are “providers' most valuable property” 10 , which makes them reluctant to allow access to potential customers, only for testing purposes. These circumstances present further evidence for the slow take-off of the Cloud Computing market. To improve this situation in the short-term, it is integral for Cloud vendor's quality systems to support and complete security testing, making it available for customers before Cloud adoption. This is visibly one of the most awaited improvements in Cloud Computing evolution, since it might be able to answer questions regarding data security and protection issues; a breaking point for improving the slow take-off of Cloud Computing market. Zimory solutions are submitted to a high-level quality assurance process meeting security and quality standards. Technical security measures implemented, as well as other aspects of Zimory solutions will be treated in detail in the following section of this paper.
  17. 17. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 16 OVERCOMING SLOW TAKE OFF: BENEFITS OF ADOPTING CLOUD SERVICES Having analyzed the main reasons for the slow take-off of the Cloud Computing market, the following section presents concrete solutions to overcome market difficulties in the early stages of Cloud adoption. Zimory solutions will be presented as an example to the real feasibility of overcoming these obstacles. SUCCESSFUL CLOUD DEPLOYMENTS OF IAAS Success in Infrastructure as a Service is a clear indicator that Cloud Services vendors are focusing their efforts on improving the quality of Cloud Services to overcome market discussed challenges, which will support the increase in Cloud adoption. Furthermore, and as an example of how the Cloud Market is overcoming the slow take-off, IaaS is being used for multiple purposes, increasing exposure and successful use of Cloud Services in multiple contexts such as:  R&D projects and load testing.  Building and deploying Web- based applications.  Moving non-critical and data with no regulation monitoring from expensive data resources.  Acting more quickly on IT opportunities without having to wait on IT resources.  Underlying infrastructure for SaaS and PaaS. In addition and despite its slow take-off, the article Overcoming the Challenges of Cloud Reality 12 published by Spirent, the following successful provider use cases for IaaS Clouds were identified:  Increased efficiency during a specific contract flow.  Lowered costs and savings by consolidating servers through virtualization: When physical severs are under-utilized to the 10-15% average, virtualization allows them to be used to 40 -50% utilization rate and even up to 75%.  Increased elasticity and speed of access through the pooling of resources and leveraging automation, allowing to add aspects such as on-demand self-service.  Supported application awareness and dynamic resource optimization.  Programmatic control over resources, allowing to manage resources and configurations as needed. 12 Spirent®. Overcoming the Challenges of Cloud Reality. May 2011. http://www.spirent.com/~/media/White%20Papers/Broadband/PAB/Overcoming_the_Challenges_of_ Cloud_Reality.ashx- Consulted on May 31st 2012.
  18. 18. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 17 Successful IaaS deployments prove the many advantages of Cloud adoption, leaving behind the mentioned skepticism regarding data security and the confusion about general characteristics of the Cloud. Zimory is a good example of successful IaaS deployments, which will be presented in detail in the following section. ZIMORY AND SUCCESSFUL IAAS DEPLOYMENTS Zimory Cloud solutions, zimory®connect and zimory®manage are an important example of successful IaaS deployments. zimory®connect enables for example, the scheduled deployment of resources, allowing users to make unused hosts available for only the time needed. Zimory software is designed to support fast performance activation and deployment. Pre-configuration, templates and best practice design decreases the deployment time for virtual machines substantially to some seconds rather than minutes. Furthermore, Zimory manages for Deutsche Telekom public Cloud Services for large companies. High security standards are especially required for virtual private Clouds working inside public Clouds; this service management becomes a challenge regarding security issues on software management for public Cloud services offered inside the high security networks of telecommunication companies. When providing these solutions, Zimory has successfully demonstrated its ability to meet the challenges of the thorough security requirements of carrier-grade IaaS management software. One of the main reasons for this success is that Zimory’s offerings in IaaS management software 13 implement a modular architecture based on SOA design patterns 14 , which offers the following advantages with regard to security requirements:  Database isolation  No single point of failure  Enterprise application server (JBoss).  Encrypted inter-system communication authenticated with certificates.  Clear separation of authentication process from authorization and encryption which take place separately.  Widespread use of one-way hash functions for passwords and secure information. Taking into account external security:  Isolated components, realm concepts.  External LDAP to provide authentication and system authorization.  External CMDB.  Gateway component to protect host machines.  Management infrastructure is protected from VMs. 13 Zimory GmbH, Virtualization Security. Peter Caron. May 2012. 14 Schneider Bruce, Cryptography Engineering: Design Principles and Practical Applications, 2nd Edition. Wiley Publishing, 2010.
  19. 19. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 18 Moreover, governmental customers tend to be conservative and cautious with rigid IT requirements when it comes to security issues. As an example of the quality of Zimory's guarantees of system security listed above, Zimory is building the government Cloud for the Austrian government data center-BRZ, overcoming challenges and increasing flexibility and reducing CAPEX and OPEX without compromising security standards. Through these Cloud Services, Zimory demonstrates once more that an independent and high secure management infrastructure is of key importance to enforce and support Cloud datacenters with high security standards and policies. IAAS CLOUD BROKERAGE MODEL Innovation is a fundamental factor in overcoming the slow take-off of the Cloud Computing market. It will also contribute to its evolution. The IaaS Cloud Brokerage business model introduces dynamics to Cloud Service use cases. It will allow three or more independent parties (providers, traders and buyers) to do business together (buying and selling products), reducing procurement procedures and verifying closely at the same time the pre-established trading criteria. All interactions and processes are supported by the flexibility of Cloud spot-pricing in IaaS Cloud Exchange. IaaS Cloud Services provide complete management and governance, generating analytics of context and interactions, all of which complies with security standards. The IaaS Cloud Brokerage model is an innovative service that confirms the evolution of the Cloud market and how Cloud Service providers' efforts to innovate their services complying with high security standards. To better understand the IaaS Brokerage model and to show how it contributes to overcome the slow take-off of the Cloud Computing market, Gartner published a report called Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services Delivery 15 , where it identifies six main differences between Cloud Services Brokerage and standard Cloud Services: 1. Buyers can be different: Buyers can have different ranges, from individuals and SMBs to large businesses. Cloud Brokerage cannot modify the actual service implementation or own the technology: Possibility of integrating or customizing one or multiple Cloud Services. 2. Technology used for integration, customization and management can be different as can the integration scenarios: Multi-tenancy of shared environments for Cloud Brokerage technologies for integration and governance. 3. Contract managed differently: Integration of services where the only guarantee of performance or availability is through the established SLA agreed on in the customer contract or the brokerage agreement. 4. Channel for Cloud Brokerage may be widely different than those established for traditional system integrators. 15 Gartner, Inc. Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services Delivery . Tiffani Bova, Daryl C. Plummer. May 2012
  20. 20. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 19 5. New Cloud specialists: New Cloud Brokerage specialists coming from other businesses different from the traditional IT services world, presenting different marketing messages, different technical and business-related skills, new value propositions and well- established partner ecosystems dominated by third-party Cloud-native IT providers. The IaaS Cloud Brokerage model is based on requirements from the consumer and the seller which requires independence, demanding compliance with high security standards for offering and buying of resources, they offer open and complete APIs, which negates the vendor lock-in, one of the reasons for the slow take-off of the Cloud Computing market. The IaaS Cloud Brokerage is a prove of how the reasons for the slow take-off of the Cloud Computing market can be managed and solved. The answer? Innovative and high-quality software. The Zimory Cloud Brokerage model responds to the challenges and requirements of the market described above, based on the Zimory Cloud product technology. The following image provides a general view of the Zimory Cloud Brokerage solution. Figure: Components of Zimory Cloud Stack in the Cloud Exchange setup With the actual buying and selling mechanisms being executed in an external Cloud Exchange module, the Zimory Cloud Suite has the role of settlement. The buying and selling can be done in various ways from long-term contracting to a short term stock exchange model. All of which results in the market required flexibility and adaptability of Cloud Services.
  21. 21. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 20 Every seller on the Cloud Exchange requires at least a single instance of zimory®connect in each of the datacenters, as a local management hub. This will allow the Seller to offer services to the marketplace. In addition, every Consumer in the Cloud Exchange requires at least one zimory®manage, the entry point for the Consumer and the end-user and provides the Cloud API. Consumers can use the portal to resell Cloud capacity to end customers, or use the internal capacity pool for another purpose such as serving their internal Cloud. The connection between instances is controlled by the Cloud Exchange system. The Cloud Exchange system outputs certificates that control connection. Therefore, the Cloud Exchange is able to control the delivery mechanism on-demand and review the settlement status of transactions. All Consumer functions are compiled in the zimory®manage component, whereas the Sellers functional requirements are reflected in the zimory®connect module. Both modules are also interconnected using an open API, which enables both parties to buy and sell, without being locked into the technology. This solves, as mentioned above, one of the main reasons for the slow take-off of the Cloud Computing market. Management of Connection Certificates As discussed before, security is one of the main concerns when considering Cloud adoption. Innovative solutions such as the Cloud Brokerage model, must respond to the market security demands. In order to do this, the Cloud Exchange requires connection control between the zimory®connect and the zimory®manage modules. In order to do this, the Cloud Exchange module – where the trading takes place, delivers the following information on contracts between partners: 1. Contract parties. 2. Contract volume. 3. Contract time. With this information, the Zimory platform generates connection certificates that enable a temporary connection between a specific zimory®connect and a zimory®manage. The certificates will be generated by the Cloud Exchange module and automatically pulled by the zimory®manage and zimory®connect instances. Based on this certificate, the Consumer can utilize the resources and also monitor consumption of end-users. It can also decouple end-user pricing that suits their business models. In conclusion, the importance of Zimory Cloud Brokerage lies in the fact that companies with multiple datacenters are able to use these solutions to broker various services in different locations, or to build and support community Clouds, complying with high technical quality and security standards; to provide general examples a car manufacturer building can, for example, a Cloud Brokerage Service for their dealer network, airlines building a Cloud for their agency network, etc.
  22. 22. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 21 This variety of use cases along with the high quality technology and security standards confirm that the slow take-off of the Cloud Computing market can be managed and overcome by responding to the market specific demands on main aspects such as security, flexibility, neutrality, technical standardization, etc. with innovative solutions that comply with these standards and offer many advantages to businesses. OPEN CLOUD SOLUTION Well-developed open Cloud solutions are a powerful tool to speed up the adoption of Cloud Services, since open Cloud solutions are based on the following principles:  Interoperability  Elasticity, efficiency  Open standard formats and interfaces  No customer lock-in Zimory Open Cloud Solution Zimory's new, open Cloud business solution is representative of how an open Cloud solution can contribute to the evolution of the Cloud Computing market. Offering European customers improved interoperability and reduced costs fully compliant with the EU mandate on Data Protection. Zimory Cloud Suite offers user, consumption and metadata of a service, available in an open standard interface. This provides full transparency and monitoring of user consumption and data, enabling organizations to manage costs more efficiently. Using proven open source technologies as a basic framework, Zimory Cloud Suite offers a new capacity management tool and monitoring facility capable of fine grained analysis of usage patterns in large Clouds for extended periods of time. In essence, it allows technical administrators to run heterogeneous, geographically distributed Clouds efficiently, whilst still maintaining guaranteed SLAs. All of these characteristics along with the “made in Germany” quality guarantee and market customers have demonstrated to have great confidence in Clouds made in Germany, especially because of their quality and the compliance of data security policies. With our open Cloud solution, Zimory negates vendor lock-in and addresses issues around data portability, privacy and security in order to deliver substantial benefits to its global constituents.
  23. 23. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 22 CONCLUSION After analyzing causes for the slow take-off of the Cloud Computing market, it is possible to make the following conclusions:  It is necessary to define and standardize clear pricing policies. This will provide more reliability and credibility to the market, augmenting customer confidence in Cloud Services.  SLAs need to be clearly defined, including all possible service scenarios, prior to Cloud adoption.  Avoiding market “Cloud washing” will clarify general aspects of the Cloud Computing market.  A neutral market place is required in order to maintain provider diversity and avoid market monopoly and consequently vendor lock-in for customers.  Technical standardization is a must, especially with regards to data portability, adaptability, scalability and interoperability.  The eostablishment of technical and general standards is crucial for increasing speed of Cloud adoption.  Data protection and security policies: Customers and providers must be aware of applicable regulations and legal frameworks for their businesses. Security continues to be an important concern for customers considering Cloud adoption.  Providers need to focus their efforts on ensuring that Cloud Services are security tested in the short-term, in order to solve concerns regarding data protection.  Zimory offers concrete IaaS solutions supporting standards for interoperability, scalability, adaptability, openness and flexibility to the Cloud Computing market.  Zimory's successful deployments constitute a positive precedent for IaaS deployments in the Cloud Computing market.  Customers must demand clear and documented description of the Cloud Service(s) when considering Cloud adoption.  Customers must make an informed and objective comparison of provider offers in order to find the right solution, which can be best adapted to their business needs.  Providers need to document their offers in a clearly and make them available for customers.
  24. 24. CLOUD COMPUTING MARKET Copyright© 2013, Zimory GmbH 23 CONTACT INFORMATION Zimory GmbH Revaler Strasse 100, 10245 Berlin Germany Email: info@zimory.com Tel: +49 (0)30 609 85 07-0 For the latest information, please visit www.zimory.com The information contained in this document represents the current view of Zimory GmbH on the issues discussed as of the date of publication. Because Zimory must respond to changing market conditions, this document should not be interpreted to be a commitment on the part of Zimory, and Zimory cannot guarantee the accuracy of any information presented after the date of publication. The information represents the product at the time this document was published and should be used for planning purposes only. Information is subject to change at any time without prior notice. This document is for informational purposes only. ZIMORY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2012 Zimory GmbH. All rights reserved. Zimory is a registered trademark of Zimory GmbH in Germany. All other trademarks are the property of their respective owners.