Andy Burton is Chief Executive Officer of the Cloud Industry Forum. Mr Burton joined Fasthosts Internet Group in 2009. Prior to Fasthosts Internet Group, he held CEO roles at Centennial Software, Content Technologies (Baltimore), and Chubb Information Security. He was also Chief Operating Officer of ClearSwift, and held Managing Director posts within the publicly traded Chubb Security Group (now UTC) and Securicor Group (now G4S). Mr Burton is a non-Executive Director of FAST and chairs the UK Cloud Industry Forum.
Andy Burton obtained a Master of Business Administration degree in 1995 from the Open University.
Although many organisations are recognising the advantages and benefits of using cloud computing, there is still some concern about what services they will use the cloud for, the service providers they will employ and the risks they will face. A code of practice based on transparency, capability and accountability would help providers to implement best practices across their services and enable end users to choose the most reliable provider. Such a code would help to establish a common standard for cost, data security and reliability.
When cloud computing first exploded on to the scene, there were mixed views as to whether it would become the next big thing on business and IT agendas or whether it would simply fade into the distance and become yet another nice-to-have tool. However, the potential of cloud computing was soon recognised with independent analyst house, IDC, predicting that global revenue from public cloud computing services would grow at five times the rate of traditional IT.
Since the start of 2011 we have seen the rate of cloud adoption soar. A recent survey by the UK Cloud Industry Forum revealed that almost half (48 per cent) of all organisations in the UK are already using some form of cloud service, with larger companies more likely to use them. The overwhelming reason given for initially adopting cloud-based services is the flexibility that they bring to the organisation, identified by 53 per cent of respondents. Interestingly, it is organisations with fewer than 20 employees, though, who identified flexibility as the key issue for their participation (63 per cent of the sample).
Although many organisations are recognising the advantages and benefits of using cloud computing, there is still some concern about what services they will use the cloud for, the service providers they will employ and the risks they will face.
The research highlighted that end user organisations continue to express anxieties about risks such as data security, privacy and sovereignty, all of which were cited by a majority of respondents. The cloud industry needs to provide more practical guidance and comfort in response to these concerns. It was interesting to note that 41 per cent of the participants did not want their data hosted outside the UK (sovereignty) and that this percentage increased for smaller businesses and public sector to exceed 50 per cent.
This is an interesting finding as it reflects natural concerns driven by regulation (such as the Data Protection Act) but also suggests that national law provides a higher level of comfort to cloud users. This is particularly relevant as it requires end users to understand where their potential data will reside in a hosted environment and requires the cloud industry to ensure that it caters for clarity and choice in the design and delivery of SaaS (Software as a Service) and IaaS (Infrastructure as a Service) solutions, as a one-size-fits-all delivery will not meet all organisations’ requirements, regardless of cost benefits.
Adoption of cloud services relating to employee or customer data was perceived by most users to be a higher risk than any other IT activity. Again there is a lack of confidence and clarity surrounding the protection of data online. The industry should seek to educate the market to build confidence and trust on this critical topic. The telecommunications industry will have a vital role in this.
The need for a code of conduct
As with any service, cloud service providers need to provide information that relates to their business and operations in a standardised format to cut through pure marketing messages to the core facts about the services they provide and how they deliver them. Providing answers to essential questions in a common form will enable end users to make rational and informed decisions on how to progress with specific vendors. As such, a code of conduct can encourage consumers to have clarity and confidence in their choice of provider.
Due to businesses’ uncertainty of how to embark upon a strategy that includes cloud computing, it is important to understand specifically how it can benefit both businesses and end users at a practical level.
To help cut costs for businesses, cloud computing is typically offered on a pay-as-you-use or subscription model and there are no capital costs for participation. Operating independently from hardware, it also provides resources and services to store data and run applications, in any device, anytime, anywhere, as a service.
A code based on transparency, capability and accountability would help providers to implement best practices across their services and enable end users to choose the most reliable provider. Further still, it helps to establish a common standard for cost, data security and reliability.
As it stands, cloud computing is still relatively new and often driven by specific vendor messaging that lacks transparency, and for some that leads to a lack of credibility. A code can highlight information that’s vital to making informed business decisions, such as stating the vendor’s real legal entity (behind the web presence), where their data centre operations are based, if they are owned by another company, what their operational practices are, etc.
In terms of capability, organisations complying with a Code of Practice should have documented management systems, processes and resources in order to deliver services consistently for their customers 24/7 and enable service level information to be accessed by them.
Accountability and trust
Accountability involves educating the customer on the legitimacy of organisations. Service providers should be accountable for their operational practices and public website declarations, and in particular, they should provide evidence for any public claims they make about their service on their websites or promotional materials.
A Code of Practice is necessary to engender the trust required between businesses and cloud service providers to collaborate on the delivery of an IT strategy. If cloud service providers follow the requirements within a Code of Practice and make the information needed to make an informed decision available they would be able to place a certification mark on their websites. End users will then be able to recognise this as a public statement of the provider’s operational and ethical intent. What is not in doubt is that what we call cloud services will continue to grow in capability and adoption; what is not so clear is the pace at which that transformation will arrive.
Advances in mobile Internet access, along with the explosion of cloud-based services for personal use, is having a direct impact on the growth of smartphone adoption. The rapid increase in smartphone adoption can be put down to the increasing sophistication of consumer technology. For example, cloud capabilities have enabled consumers to access the Internet, email and applications from smartphones just as easily and securely as when working from a corporate PC.
The challenge to operators is managing the increasing network traffic and network capacity requirements. The positive aspect is that this new opportunity provides operators with a fountain of new potential revenue streams. As cloud computing continues to grow at a rapid rate, we will see even relatively simple smartphones and feature phones having the capability to access what today would be unimaginably powerful and sophisticated applications, even for a desktop PC.
The main feature of cloud computing is that it is platform agnostic. With its unlimited flexibility and scalability, we are now seeing businesses starting to use the cloud to organise social networks within their business environments. Further still, they are exploring the use of the cloud to track and mine information from existing social networks.
Social networks and consumers
With the popularity of social networks within business continuing to grow, cloud’s potential can only increase further and expand beyond social networks to become a central part of business strategy. And we should not forget the consumer social networking world, which is constantly introducing new services and communication channels.
Despite the rapid growth of cloud adoption within a short time, cloud computing is still a work in progress. I have no doubt that cloud computing is here to stay. However, I believe that its form will evolve along with changes in business and consumer demands. As we see further developments in technology and IT, in particular, social networks and mobile computing, along with the need to provide more competitive prices on a global scale, businesses are likely to become more reliant on cloud-based services.
Cloud is currently seen as predominantly a business service, although the benefits will soon become acknowledged by consumers and will definitely impact our social life. A prime example of how cloud computing will benefit consumers in the future is buying concert tickets. Currently many websites crash due to the influx of people trying to buy tickets as soon as the ticket box opens. With cloud computing, and its ability to scale up when additional services are needed and scale back down during low peak periods, consumers will no longer experience these problems due to ‘too many’ people trying to access the website. Further still, we will see a culture whereby consumers will be able to do almost anything from their smartphone with the same capability and ease of using a desktop computer.
In order to stay ahead of competition, operators need to ensure that they provide complete transparency of their operations and continue to provide a standard service as they would with traditional service models. Cloud security is still a concern for many and those cloud service providers who manage to gain trust from their customers in their services will undoubtedly become leaders within the market.