In this post, I want to help answering the question how cloud and managed service providers can help end user organizations to move faster and more decisively into the cloud. This is of major relevance for the growth of all CSPs and MSPs and a requirement for every provider who wants to be able to compete against the large players like Amazon and Microsoft.
The first question of cause is: Do organizations want to move into the cloud at all? Especially with their internal applications like collaboration software or ERP systems? And as a consequence: Is there an opportunity for service providers at all?
The answer is “yes, if”. Companies expect a lot from cloud computing, for example, the “Future of Cloud Computing Survey” finds a return-on-investment expectation of less than three months.
At the same there are still many undecided and even skeptical decision makers, though there is a general sentiment towards cloud computing as you see below in a study by BITKOM and KPMG:
Why do many organizations still prefer on-premises solutions?
I’d say there are three very important obstacles. Security, interoperability and vendor lock-in. Let’s have a look at each of them:
Obstacle 1: Vendor Lock-in
Many cloud-based applications like Salesforce or Office365 are only available as tightly integrated bundles of infrastructure, software, service-level, jurisdiction and other features. You only can have it all – or nothing. You are not able to use the same software from a different data center run by a different cloud service provider. Even if it is a provider whom you prefer to work with, perhaps, because they can offer better suiting service levels or a different jurisdiction.
This means for the end user organization, once its data has been moved into a cloud service and its business processes have been integrated with it, it is tied heavily to the specific vendor. This has been labeled the ‘Hotel California Effect’ by Jeremy King, CTO of Walmart Global eCommerce. “You can check-out any time you like, But you can never leave.”
Of course, similar lock-ins already existed with proprietary on-premises software in the past. But the cloud brings this experience to new, unprecedented levels. Where in the past you were at least in the physical possession of your data, this is no longer the case in the cloud. This results in even more powerful means for providers to control which competitor may be able to access the data and thus might make competing offerings.
Obstacle 2: Interoperability
This brings us to the second concern: Interoperability. Not only can providers of a proprietary SaaS control which competitor might be interoperable. There are other important aspects, too.
One with which many organizations are struggling with right now is identity management and single sign-on. Today, for most organizations Microsoft Active Directory is the de-facto standard to manage users, access rights, and credentials. But as organizations are adding more and more cloud-based applications, they need to find ways to interface these applications, which often come from various vendors, with the Active Directory they have. But opening up Active Directory to a bunch of vendors accessing it from the outside or implementing numerous schema extensions is something most administrators do not like – for good reasons.
On the other hand, if organizations fail to provide a unified management of identities and credentials, their users will end up having to manually log-in into each service. This leads to a situation whereby the organization completely loses track of access rights and permissions.
Obstacle 3: Security
Not only therefore, security is the third obstacle and in combination with compliance it is the most pressing one. Organizations, especially in Europe, but more and more in other places, too, are deeply concerned. They are apprehensive about storing their data or running processes in the cloud. They don’t know if their data is secure in the cloud, if it can be accessed by the ‘bad guys’, by competitors or by foreign governments.
Of course, this is not just a coincidence. Edward Snowden has opened our eyes. Again! I have to add, because this issue was known before. Do you remember the Echelon scandal?
What we now know for sure is: First, government agencies are collecting as much data as they can. Not just the NSA but probably Chinese and – yes – German agencies, too. And second: There are many back doors in software, some of them by mistake while others are implemented on purpose to allow security agencies to access private data.
The consequence of this mess is that most enterprises either do not move their data into the cloud at all, or they only work with local providers which operate under the same jurisdiction and in the same country. For German enterprises this means: We only work with providers with data centers and head office in Germany. Amazon AWS, for example, with a data center in Frankfurt but the head office in Seattle is not good enough.
This is an enormous challenge for globally operating cloud service providers like Amazon or Microsoft. They are trying to get around it. Either by not complying with procedure in the U.S., by fighting lawsuits or by enabling local entities to operate their cloud stacks as Microsoft is now doing with Deutsche Telekom in Germany. But this fight will be hard and the outcome is completely open. On the other side this opens up a huge opportunity for local providers.
Opportunity for local providers
Local providers can operate under the local jurisdiction. They can’t be forced to hand over data belonging to a German organization to another country. And it’s clear that there is no problem to outsource data processing to a provider in the same country or in the EU, if you are an EU customer.
So from a security and legal standpoint it is clear that local cloud or managed service providers have a huge advantage compared to their globally operating competitors. But that alone will not be enough. There is still the question of back doors, especially in proprietary software. But also the questions of interoperability and vendor lock-in have to be tackled.
A powerful measure against vendor lock-in is to use applications for which the software itself is available, so that these applications can be provided by several, possibly competing cloud service providers. Having the software available on its own also enables the end-user organization to bring the application back into its data center, if needed. This allows for freedom and options.
Funnily enough, choice between service providers benefits the providers, too. This might sound counter-intuitive at first glance. But it’s still true. Nobody would buy a roof for his house on the condition that only the roofer who installed it can provide any and all services or repairs for the roof for the next 30 years. That’s what many of the large providers are offering.
Open Source as best measure against lock-ins
The best measure against lock-ins are Open Source licensed apps, because they can always be implemented anywhere.
But that’s not all. I’d say the most important feature of Open Source is that it provides complete transparency. And again, it may seem counter-intuitive, but transparency means better security. With Open Source you don’t have to rely on your software vendor to know if the software is secure or if it has any back doors. You can check it yourself or ask someone whom you trust. And if a hole is found, it can be fixed immediately by anyone.
Let’s look at the large players: For companies like Google, Facebook, Amazon or Walmart it is absolutely crucial to run secure applications in a secure network which can be scrutinized for any problem at any time. It is vital for these companies that any security issue can be fixed immediately. Additionally, to grow and scale, these giants cannot tolerate lock-ins of external vendors. I guess that is the reason why they and many more companies strategically rely on Open Source software.
To summarize: Using software applications, which are independent of the cloud service greatly reduces vendor lock-ins. Providers that operate in the same jurisdiction as their customers solve most compliance issues. Finally, using open source software is by all means the best prerequisite for trustworthy IT.
But what about the issue of interoperability? Also, local cloud or managed service providers are often smaller and lack the capabilities to provide comprehensive stacks of integrated SaaS applications.
Closing the gap
To address this and thereby to enable CSPs to provide solution stacks that do not lock customers in and allow vendors to compete, we started the Open Cloud Alliance together with a number of cloud and managed service providers as well as software vendors.
We now have in place an open source platform to deploy, run, and manage enterprise applications in the cloud and on-premises. These applications are integrated with a unified managed system which builds upon a single identity and access management system. You can think of this as a kind of distributed Android for servers with an integrated IAM and an app center with dozens of enterprise applications. All of this is completely Open Source software, of course.
We are still in the early stages, but since it is based on our proven Univention Corporate Server platform, this app platform is already being used by cloud service providers to offer groupware and collaboration software, ERP- and CRM solutions, file sharing software and much more in an integrated and manageable way.
It also brings with it a couple of very nifty features:
- The identity management component can easily be connected to Active Directory. Thus providers can instantly offer a single, unified way to connect all their offerings with the customers’ existing environment.
- The platform integrates a SAML service, which is used to provide single sign-on capabilities internally and to the apps. But it also can be used to integrate with external apps to provide a consistent experience. In fact, very soon we will make connectors available to Microsoft Office365 and Google Apps for Business.
- Also a customizable and fully brandable portal for user and app management is part of the platform. This also includes self-service functions. For example, it allows users to reset their passwords on their own.
- With these functions every cloud or managed service provider can become the provider of his customers’ identity management system. This opens a lot of opportunities to sell additional solutions.
- With the latest release we provide complete integration of the container technology Docker. And we are now migrating the existing apps into Docker containers. This ensures better app encapsulation. Furthermore, as apps can now be built on top of existing Docker images, the today’s 80 enterprise apps will soon be accompanied by many more. This means: New opportunities for service providers will occur automatically.
Again, this is the only truly open app platform already integrating dozens of enterprise applications with a single identity management system making it possible to run applications in many clouds and on-premises. The technical requirement, by the way, is an OpenStack or VMware-based cloud management system.
Mutual advantages for CSPs, vendors, and enterprises
The open platform provided by the Open Cloud Alliance closes the gap and makes it possible for every cloud or managed service provider to make offerings which respond to the three concerns of enterprises: Security, vendor lock-ins, and interoperability. With this they are well equipped to compete against even very large competitors.
- If you are a cloud service provider and also want to start to compete, I invite you to contact us and we’ll help to get you on board.
- If you are a software vendor, you can enable thousands of end customer organizations, partners, and cloud service providers to instantly work with your software by bringing it on this stack.
- And end user organizations can download the software, play with it, check the apps, integrate and use them in their existing environment.