By Arun Gupta, Managing Partner & Director at Ingenium Advisory.
Recently I attended a conference of small and mid-sized Cloud service providers. Up for discussion at the conference was the current state of the market and its evolution, with digital being the primary focus. The idea was to collectively brainstorm and learn from each other’s experience. Participants spoke about the various evaluation criteria they were subjected to, problem statements they had to answer, and the two biggest stumbling blocks in their path: ROI and Security. These are challenges that remain even post maturity of the Cloud solutions and a growing customer base.
Some large enterprises have adopted a Cloud-first approach to their new initiatives with any upgrade or refresh decisions. These early adopters and fast followers are now more or less convinced that it does not make sense to continue investing in conventional hardware solutions. Data centers and servers are best left to the experts to manage while application management was outsourced a decade ago. DevOps is the way to go and Cloud is where everything should reside. Of course, there are industries which have seen exceptions for some types of solutions which are still not amenable to be on the Cloud. Even the providers acknowledge this and keep away from pitching for such use cases. Big monolithic solutions are facing the agility challenge and the paradigm has shifted to accommodate multiple for-purpose apps on the Cloud. This either makes some parts of the solutions redundant or enhances productivity by reducing the effort it takes to complete a workflow or task in the conventional solutions.
Consumer and personal apps reside on the same devices that are used at work; this transgression, managed or otherwise, is here to stay. CIOs and CISOs have learnt that pushbacks are no longer accepted and they have to find a way to make peace and find solutions that allow coexistence. MDM has evolved to provide some level of compartmentalisation to separate the official from the personal, as well as provide the ability to brick a device should it be lost or fail to return on exit. So, where s the unfulfilled promise of security and ROI? Or is it just a favourite flogging horse?
Questions such as ‘How secure is your Cloud solution?’, ‘Have you had any security certification done for your software?’, ‘When was the last time a penetration test was conducted?’, ‘What is the uptime offered on your Cloud?’, and ‘What is the ROI of your solution’, became the daily reality of service providers who had to field these questions every day with their customers. Since the Cloud is expected to save money, it was as if repeating the message would strengthen its value and make it work for the customer and stakeholders.
After all the due diligence and certifications, customers go and deploy the solutions with limited security governances and vulnerable practices that expose the data. Eventually, if and when the data leakage does occur, the Cloud and/or the solution is deemed immature and not upto the market. Attempting to create idiot proof solutions with checks and balances in place to guard against human stupidity is the final and ultimate step in ensuring that the solution is secure. This has remained the goal of every enterprise and a challenge for every provider.
Return on Investment is a different ballgame altogether. Value is a function of the frame of reference of the perceiver and has nothing to do with reality. For someone, a dollar a month per user may be value and for another $10 is not expensive. Can service providers do justice to the wide spectrum of expectations? I am not sure that kind
of elasticity exists. While volume driven discounts or market entry strategies may offer low pricing in the initial stages, such practices are rarely sustainable in the long term unless the end game is market valuation and not profitability.
At the end of the discussions, collective wisdom indicated that alleviating the fear factor will take it’s time since evolution is inconsistent and everyone wants to reassure themselves of the risk factors. It doesn’t matter how many have taken the leap of faith or how long the solution has been around. Even today, buyers are apprehensive of every decision they take lest it not work in their unique environment, or they might not be able to leverage the value. I think that the discussion will keep popping up and we will have to provide reassurances a zillion times over.
This article originally appeared in Arun Gupta’s blog at CIO Inverted and is reproduced with permission from the author.