The Cloud's Mix 'n' Match Muddle

Earlier this year, HP (NYSE: HPQ) rolled out a new offering to help companies manage the operations and applications they're putting in the cloud. Called "HP Cloud Assure," it's a -- what else? -- a SaaS (Software as a Service) tool that monitors security and performance.

The number of management tools developed for the cloud environment is growing, and HP's entrance was to be expected. What's worth examining -- apart from the functionality such management tools provide -- is the reason for their existence.

Cloud computing is a hot tech growth category that shows no signs of cooling. These are still early days, though, and companies that are experimenting with this computing model are doing so in a piecemeal fashion, or on a case-by-case basis. The result, for some firms, is a mishmash of IT functionality -- some of it in the cloud, much of it still on the ground.

This scattershot approach calls for additional work on the part of the implementing firms. For instance, security is a valid concern.

Is there an advantage in turning to a single large vendor that can offer a broad array of services, or should companies continue to tap providers on an as-needed basis, depending on the application or service desired? Most fundamental: What can companies expect in terms of standardization and interoperability from cloud providers?

The Big Questions

"People are just now starting to tinker with applications in the cloud -- a lot of people view it as a new IT sourcing option," Scott Kupor, HP's vice president of SaaS, told the E-Commerce Times.

"They have traditional in-house deployments that they won't change, but if they think there will be cost advantages to rolling out an application in the cloud, they will take it," he explained. "Given that -- management of this environment is key. That is the area where we get the most inquiries."

People want to know how they can ensure performance availability and security of applications running in the cloud environment, he said, as well as how they can integrate that performance back into an overall IT strategy .

These questions are behind the demand for management products such as Cloud Assure, according to Kupor. Even this category, though, is in a nascent form. Right now, there are several point providers -- which is characteristic of the early days in most IT categories.

Cloud management will evolve in much the same way that virtualization management has, Kupor said, in that management will become part of a larger overall feature set. In the meantime, companies will continue to tap multiple vendors to help them with their needs.

Integration Issues

When they do, they will likely experience integration glitches, Dennis Quan, director of development for autonomic computing with IBM's (NYSE: IBM) software group, told the E-Commerce Times.

That's the case in any computing environment, of course.

"In terms of integration, the cloud has the same problems as traditional integration does," noted Quan.

The workloads that are best suited for public clouds tend to exist in environments where a company is growing new IT systems from scratch, or that are relatively self contained, he said.

Point-to-point integrations with public cloud services into larger enterprise tech environments are far more difficult to accomplish.

"So, public cloud services have to integrate one piece at a time in the cloud environment," Quan said.

IBM advocates a hybrid approach, he noted -- companies that have the kinds of workloads that are suited public cloud services should take advantage of them -- but they should also use the services of providers like IBM to solve larger IT problems by designing the necessary integration links.

Still Manageable

The fact is, even with the typical multivendor approach, cloud computing is still very manageable, Martin Schneider, director of product marketing for SugarCRM, told the E-Commerce Times.

A lot of these applications are embracing an interoperable, standards-based approach -- making it easier for these systems to talk to each other, he said, pointing to SugarCRM's own cloud initiatives, as well as the industry initiative, Open Cloud Manifesto.

Earlier this year, a group of large and small IT companies and institutions pledged to work together to establish and promote open standards in cloud computing. The Open Cloud Manifesto's goal is interoperability between technologies. Signatories include IBM, AT&T (NYSE: T), Sun Microsystems (Nasdaq: JAVA), Novell (Nasdaq: NOVL), Rackspace Hosting (NYSE: RAX) and SAP (NYSE: SAP).

Security Issues

While integration issues appear to be the same no matter where the application resides, that is not quite true for security.

Companies should never let their guard down on that, Qualys CEO Philippe Courtot told the E-Commerce Times.

That said, there are a number of unique security advantages to using the cloud, because vendors can build security into the infrastructure. "In fact, they can control it much better than in the enterprise," Courtot said. "That is because there is only one version of Linux or Oracle (Nasdaq: ORCL) database or one Apache server."

While data breaches are routinely announced by large companies, not one cloud computing vendor has reported a breach -- at least, not through a hack attack, Courtot pointed out. One well-known SaaS company was breached, but that was an internal employee falling prey to a phishing attack.

Still, there are limitations.

"One security problem we have not yet fixed is the security of the Web application itself," he acknowledged.

"Also, the industry needs to develop two-factor authentication and federated identities for the cloud environment," continued Courtot. "If you have multiple vendors in the cloud, you are going to have multiple passwords, so having a single sign-on is important."