By Sramana Mitra and guest author Saurabh Mallik
SM: I have two questions on this topic. From the vendor point of view, the world we see a lot, in Silicon Valley particularly, is that there are hundreds of software as a service vendors who are trying to sell into the cloud customer base that you cater to. One of the tricks these vendors have perfected is to get into a large enterprise through a small division because the cloud doesn’t involve a lot of IT involvement. WebEx did this very early on. It came up with this sales methodology of going to a division or business unit of the large enterprise and got that division to adopt collaboration. WebEx would gradually penetrate the organization, but it would go in at the divisional level, bypassing IT.
MW: Exactly, the viral approach, right?
SM: Yes, the viral approach, and the fact that they don’t need a lot of IT involvement for employees to use these technologies has helped cloud computing adoption. Especially for the startups, it has become a lot easier to sell to these companies. You were talking about standardizing. How are these processes reconciled?
MW: Good question. I want to clarify this virtuous cycle. Specifically, what you see is viral adoption or penetration where a department, division, business unit, or region can make a decision and act on it. Sometimes that’s an edge service, such as conferencing services as in the WebEx example.
SM: Yes, collaboration is a perfect example.
MW: Yes, it is. Then what happens, this is the conversation we had with the CIO. You are going to have sprawl, and you are going to act fairly decisively to capture that because, well, let’s think about collaboration as the example. If it is casual, the likelihood that there is some information risk is probably reasonable. If it becomes core to the business, the information on which people are collaborating becomes the crown jewels or a significant business asset. The risk is higher and of the need for risk and control analysis greater.
SM: I would imagine there are all sorts of compliance issues at this point, no?
MW: There can be. So, an example, were collaborating on financial data, that might very well be subject to Sarbanes–Oxley. If you were collaborating on design and using a third-party service, not that the data couldn’t be saved, but the casual adopter has not gone through the risk analysis and control analysis. That could be very dangerous and costly. So, viral penetration is very costly in terms of the cloud service providers’ point of view. It is off-putting from the CIO’s point of view because you really need to maintain the integrity of the asset of the enterprise.
SM: Does that create tension between the cloud service provider and the CIO’s office?
MW: Today, I don’t think there is any standing wave of tension because the cloud is still emergent. I think it is a risk, and as we advise CIOs about the subscriber, we tell them, let’s try to get ahead a bit with the services catalog. And, by the way, if you can get a services catalog that can become a hybrid adoption of the services you provide in-house, some of which you are subscribing to from the outside, and if you abstract those services as you go, that’s the first step. This is pretty effective. The CIO can become the store for the preferred provider. He or she needs to be able to meet the need and be able to drive adoption, speed up the solution, prefer opex over capex, or not have to have the option of a bunch of expertise in-house. If the CIO is going to be the storefront for all things cloud, he or she has to be able to meet the service catalog demands with an appropriate speed to a solution, appropriate opex and capex, ongoing elasticity, and the appropriate set of capabilities. This pushes us from the private cloud, which is inside the trust zone, toward the hybrid cloud. And, as you say, the democratization or consumerization factor is driving people in the division to take out the AmEx and go get what they need from the public cloud.