Cloud Computing: Fact versus Fog

December 2010
 Table of Contents

 Executive Summary
 Foundations of Cloud Computing
 Obstacles and Considerations
 Future of Cloud

December 2010 | Copyright © 2010 Grail Research, LLC 2

 Executive Summary
This presentation addresses the current state of cloud computing, obstacles to business adoption, and expectations for
Purpose the future. This is the first in a series of papers written by Grail Research on the topic of cloud computing and the
investigation of how businesses are adapting to and taking advantage of Internet-based, on-demand computing

News of Cloud is everywhere, and its predominance in IT is a foregone conclusion. In fact, the push to adopt
“Cloud” Buzz
Cloud has been so strong that risks inherent in this model have largely been ignored

The recent economic turmoil and the promise of Cloud leading a renaissance of the tech sector are shaping the
perspective and appetite for Cloud rather than the readiness of the technology itself. Cloud is a powerful tool for
Adoption Haste
mobilizing data; however, there are no regulations, standards, or assurances of data protection from a technical
perspective

Major breaches at Google, Salesforce.com, and Amazon, have exposed the fragility of the Cloud delivery model,
and the fundamental issues of data security, privacy, and standards that have yet to be addressed. Though price
Security Risks
points gained in Cloud can be significant, businesses should weigh advantages against the hidden costs of
compromised data

Analyst sentiment seems to be the sole voice of reason. Principal analysts from Forrester, Gartner, and Yankee
Expert Views cite major security concerns with Cloud. Hackers have also highlighted the vulnerabilities of Cloud and issued a
manifesto of mayhem against it (Black Hat 2009 – Clobbering the Cloud by SensePost)

Assessing your organization’s readiness for Cloud should include the evaluation of hybrid models, hybrid
Opportunity architectures, integration constraints, and innovative data protection methods, that will offer the best approach for
business adoption

Consider the direct business benefits of Cloud for your company and your individual business needs, weighing
Key Takeaways against security and privacy concerns. In the more immediate future, look toward applications focused on
innovative data protection methods, enabling organizations to utilize Public Cloud in a private manner

December 2010 | Copyright © 2010 Grail Research, LLC 3

 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Foundations of Cloud Computing Computing

Foundations of Obstacles and

Cloud Computing Considerations Future of Cloud

Cloud is an evolution, merging virtualization, grid, utility, and web standards

“ Cloud is an evolution. It coalesces grid, utility, virtualization and web standards into a delivery paradigm. The
difference is each of these components are building blocks that solve the specific point problems of
abstracted, on-demand, distributed processing – Tony Bishop (Founder and CEO, Adaptivity)

I don't think it's a revolution as much as it's an evolution. If you want to really say what kicked this thing off,
virtualization was a big precursor to Cloud…I think “Cloud" is a little bit overused right now. I look at it as the
evolution of the data center, to do more scalable processing and computing – Ping Li (Partner, Accel
Partners)

Cloud services have shifted from a year ago. We did a focus group around 12 months ago and they pretty
much took the mickey out of Cloud. It was seen as unrealistic and CIOs weren’t considering it. What’s even
more of a surprise is that in a short period of 12 months, we’ve seen Cloud go from a bit of a joke to a
“
number two priority on the plate of CIOs today, and a very serious consideration that they are taking on
board – Paul Harapin (Director, ComputersOff.org and Ex-MD, Vmware)

Source: SysCon Website; Ars Technica Website; CIO Website

December 2010 | Copyright © 2010 Grail Research, LLC 4
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Defining Cloud Computing Computing

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable
Definition computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction.” – Peter Mell and Tim Grance (NIST)

Essential Characteristics Service Delivery Models Deployment Models

 On-demand Self-Service  Cloud Software as a Service  Private Cloud
 Broad Network Access  Cloud Development as a Service  Public Cloud
 Resource Pooling  Cloud Platform as a Service  Hybrid Cloud
 Rapid Elasticity  Cloud Infrastructure as a Service  Community Cloud

How Do Experts Define Cloud Computing?

“ Cloud computing is an evolutionary technology because it doesn’t change the computing stack at all. It simply
distributes the stacks between the service providers and the users. It is an IT architecture with vertical services
– Steve Jin (Creator of Vmware vSphere Java API)

Applications/functionality delivered via Cloud: Accessible via standard Internet protocols, always available and scaled
to demand, programmable interface, pay as you use, full self-service features – Chenxi Wang (Ph.D., Principal
Analyst, Forrester)

The ‘Cloud’ model initially has focused on making the hardware layer consumable as on-demand computer and
storage capacity. This is an important first step, but for companies to harness the power of Cloud, complete application
infrastructure needs to be easily configured, deployed, dynamically-scaled and managed in these virtualized-hardware
“
environments – K. Sheynkman (Co-Founder, Elastra Corporation)

Source: Sysomos Software Tool; SysCon Website; Forrester Research Website; NIST Website
December 2010 | Copyright © 2010 Grail Research, LLC 5
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Emerging Primary Models for Cloud Deployment

Computing

Major Types of Clouds Definition and Expert Views Key Takeaways

Private Cloud
Public/ Dedicated to one customer/company Private Cloud is more suited for
Private Hybrid
Community organizations that need high-level
Cloud Cloud

Intranet/VPN1
Cloud

Internet Intranet/VPN1
“ CIOs know that what is sometimes dubbed "private
cloud" does not meet their goal as it does not give them
the benefits of cloud: true elasticity and capex
“ security. Though most experts believe
that ‘private cloud’ is an oxymoron,
others argue that the model offers
+ Internet elimination – Werner Vogels (VP and CTO, Amazon) better resource management to current
IT managers
Public Cloud
Made available to the general public for specific
general purposes The Public Cloud model emerged as
a great value proposition for SMB4

USERS
“ Concerns for those deploying in the public cloud are
factors such as the financial stability of the hosting
organization and the hosting organization’s deployment
“ companies and startups

policies – IBM X-Force

Some experts believe that companies
Global Share of Online Discussions24 on Types of are testing the waters by taking limited
Hybrid Cloud services on Cloud before adopting a
Clouds
Integration of two or more types of Clouds (Private, particular cloud computing model
Community, or Public)
1%

12% Private Cloud

Public Cloud
“ The hybrid cloud is an attractive way to take advantage
of cloud computing, and It also means choice for the
customers, and they can determine the adoption speed
“ The Hybrid Cloud model provides
more flexibility than the Public Cloud
model, and is less capital intensive
they want to go at – Tim Crawford (CIO, All Covered)
Hybrid Cloud than the Private Cloud model
35% 52%
Community Cloud Community Cloud
Dedicated to a user/industry group that has shared The Community Cloud model is
N= 49,7813 concerns (mission, security requirements, policy, expected to address the requirements
and compliance considerations) of governments and their agencies

Note: 1Virtual Private Network; 2Discussions during the period 25-Aug-2009 to 25-Aug-2010; 3N may include some articles/posts more than once, if repeated on
different websites; 4Small and Medium Businesses
Source: Sysomos Software Tool; CIO Website; SysCon Website; IBM X-Force: Mid-Year Trend and Risk Report
December 2010 | Copyright © 2010 Grail Research, LLC 6
 Cloud Computing Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing

Market Size and Growth Prospects

The cloud computing market is expected to grow at a double-digit rate in the next 5 years. According to experts, the
Insights SaaS delivery model of cloud computing will lead the growth story. They believe that emerging countries such as India
have the greatest potential for market growth, including opportunities to support outsourcing of Cloud services

Cloud Market Growth

USD
37.8 Bn USD 121.1 Bn
“ We are seeing an acceleration of adoption of cloud
computing and cloud services among enterprises and an
explosion of supply-side activity as technology providers
maneuver to exploit the growing commercial opportunity
“
– Ben Pring (VP, Gartner)

2010 (26% CAGR) 2015

Expert Views Key Takeaways

“ The global cloud computing market is expected to grow from $37.8

billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from
2010 to 2015. SaaS is the largest contributor in the Cloud
computing services market, accounting for 73% of the market's
revenues in 2010 – MarketsAndMarkets Report
Experts believe that SaaS will be adopted by most companies in the
next few years at some level or the other, especially in content
management, collaboration, document management, and customer
management applications

India will not only see a surge in cloud computing services but
companies all over the world will look to India to support their The explosive growth in the cloud computing market will mirror
transition to cloud computing – Steve Ballmer (CEO, Microsoft) greater IT globalization trends, with India leading the market in
outsourced support for Cloud services
By 2012, nearly 85% of net-new software firms coming to market
will be built around SaaS service composition and delivery; by
2014, about 65% of new products from established ISVs will be
delivered as SaaS services. SaaS-derived revenue will account
“ It is estimated that SaaS is growing at a rate five times faster than
for nearly 26% of net new growth in the software market in the software market as a whole
2014…– IDC Report

Note: Comment and Views include key snippets

Source: IDC reports: “Worldwide Enterprise Server Cloud Computing 2010-2014 Forecast”; “Worldwide Software as a Service 2010–2014 Forecast: Software
Will Never Be the Same”; MarketsAndMarkets report: “Global Cloud Computing Market 2010 – 2015” ; EconomicTimes Website
December 2010 | Copyright © 2010 Grail Research, LLC 7
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Traditional IT Delivery Translated to Cloud Computing

Business Value Traditional Delivery Cloud-based Delivery

Consumption Applications Software as a Service (SaaS)

Creation Development Tools Development as a Service (DaaS)

Orchestration Middleware Platform as a Service (PaaS)

Infrastructure Infrastructure and Hardware Infrastructure as a Service (IaaS)

Source: R Wang and Insider Associates; A Software Insider’s Point of View–Understanding The Many Flavors of Cloud Computing and SaaS
( R "Ray" Wang, Phil Wainewright, Michael Cote, and James Governor); Forrester Report; Grail Research Analysis
December 2010 | Copyright © 2010 Grail Research, LLC 8

Four Service Delivery Models
Business
Definition
Value
 Application licensed to
customers
SaaS
 Access through “thin
client interface”, such
as a web browser
 Set of tools and APIs
provided for creating
customized applications
DaaS  Tools provided include
code editors, source
control systems, and
batch scripts
 Hosting for client-
developed applications
PaaS  Applications can be
created using
programming languages
such as Java and .Net
 Fundamental computing
resources (processing,
storage, network, etc.) —
IaaS to run full virtual servers
 Customer has control
over operating system,
storage, and deployed
applications
Note: Comments and Views include key snippets
Source: NIST Working Definition of Cloud Computing; SysCon Website; The Role of Internal Audit, October 2009 (Ernst & Young); TechWorld Website;
SoftwareInsider Website(R "Ray" Wang); Company Websites
December 2010 | Copyright © 2010 Grail Research, LLC
Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing
Expert Views Service Provider
“SaaS is perfect for small businesses, they get the benefits of world-class infrastructure,
enterprise-class features, and no capital investment. Frankly, I'd be surprised if the SMB market
doesn't shift to a SaaS-dominated sector” – Bernard Golden (CEO, HyperStratus)
“The cost of comformity is the lack of flexibility. What will you do 5 years into a True SaaS scenario
when you are locked in and the vendor won’t add the feature or functionality you need?” – R 'Ray'
Wang (Partner, Altimeter Group)
“Just as platform as a service provides enterprise IT with a new model for platforms to run
applications in the cloud, development as a service provides a new model for development tools,
giving developers the power to create applications for the cloud” – Marc Benioff (CEO,
Salesforce.com)
“I think there are going to be thousands of new platform companies -- you the end user can
program it” – Marc Andreesen (General Partner, Andreessen Horowitz and Cofounder &
Chairman at Ning Inc.)
“The advantages of PaaS are - Complete abstraction; considerable cost savings and faster time to
market ; Better security. PaaS makes developers succeed even if they are completely ‘operations
blind” – K. Subramanian (CTO and Advisor, CloudsDirect)
“There are shortcomings in the platform as a service model as well. The biggest problem with
PaaS may be difficulty migrating existing applications from the internal data centre to the cloud” –
Tim O'Brien (Director, Platform Strategy Group, Microsoft)
“Although it is not the first choice, IaaS has an obviously huge market in the enterprise because
there are countless servers sitting in data centers that are prime candidates to move out to IaaS
clouds, and countless more that will be needed in the coming years” – Scott Sanchez (Security
and Privacy Officer, ScaleUp Cloud)
“In short, IaaS and other associated services has enabled startups and other businesses to focus
on their core competencies without worrying much about provisioning and management of
infrastructure” – K. Subramanian (CTO and Advisor, CloudsDirect)
9
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Cloud Computing Continues to Evolve Computing

Expert Views Key Takeaways

“
“There is still a strong need for awareness on the part of folks in the cybersecurity area
about cloud computing. About 21% of those folks involved in cybersecurity, their agencies

A
Requires
are unaware about cloud computing, and 34% of the respondents in total weren't familiar
with the cloud. That is the real key-take away that awareness around the cloud as it relates
to trust and security needs to continue to be increased” – Melvin Greer (Chief Strategist,
Cloud Computing, Lockheed Martin)
Awareness and understanding
of cloud computing is limited
to a small set of IT
Awareness professionals
“…the biggest security threat for cloud computing is lack of awareness about cloud security
and Clarity among the IT Pro's” – Scott C. Sanchez, CISSP (Security and Privacy Officer, ScaleUp
Cloud)

“Public cloud services are generally not providing as much customization as customers

B
want, but the cloud model is gaining popularity both among users who want to sidestep their
companies' IT departments, and from small businesses that want to get out of the IT There is a gap between
business” – Tim O'Brien (Director, Platform Strategy Group, Microsoft) customer requirements and
"Cloud solutions won't come in a box, nor are traditional internal IT technologies and skills existing cloud computing
Requires
apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far solutions in the market
Customized able to provide custom or ‘shrinkwrapped' offerings that conform to a specific enterprise's
Solutions situation and needs” – Dana Gardner (President and Principal Analyst, Interarbor
Solutions)

“People are going to want to move data around, they're going to want to ask clouds to do

C
Requires
Cloud
things for them . We don't have any inter-cloud standards. There's a whole raft of research
work still to be done and protocols to be designed and standards to be adopted that will
allow people to manage assets” – Vint Cerf (Co-designer of the TCP/IP, VP and Chief
Internet Evangelist, Google) “ Cloud computing is still
evolving in terms of well-
defined adoption/integration
“When customers are looking to adopt cloud services, they want services that follow standards
Computing
highest standards, even though such services may follow better standards than their
Standards existing infrastructure” – Bernard Golden (CEO, HyperStratus)

Note: Comment and Views include key snippets

Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
December 2010 | Copyright © 2010 Grail Research, LLC 10
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Interest in Cloud Computing Across Geographies

Computing

Share of Discussions1 on Cloud Computing Key Takeaways

46% Certain geographies are better suited to offer Cloud services (e.g., those
with favorable climate conditions to sustain the cooling needs of data
centers)
17%
11% Cloud technologies are dependent on uninterrupted connection to the
9% 7% 6% 4% Internet, which is not possible in all parts of the world where electricity
and Internet connectivity can be sporadic
Rest of
World
The Patriot Act in the US allows the government to subpoena all data
stored within the country. This might not be acceptable to non-US-based
Expert Views organizations

“ “Developing countries may be in a great position to take advantage of

virtualization and cloud computing. During a recent visit to Indonesia, it was
clear the government is struggling with the problem of both building a national
ICT plan (Information and Communications Technology), as well as
consolidating a confusing array of servers, small data centers, and dearth of
policies managing the storage and protection of data” – John Savageau
(President, Pacific-Tier Communications)
“Each country may pass their own laws that govern the provision and use of
online environments” – John Howie (Senior Director, Microsoft)
“  The “Safe Harbor” certification (developed by the US Department of
“Our European customers want to make sure that their data stays in Europe.
Can Amazon guarantee that? That’s never been answered” – Ranjith
Kumaran (Founder and CTO, YouSendIt)
Massachusetts Breach Law protects citizens’ private information,
specifying strict compliance guidelines around storage, access, and
transmission of personal information which will impact how Cloud
service providers handle data
The EU Data Protection Directive does not allow the personal
information from EU or EEA2 to be transferred to any outside country,
which doesn’t adhere to the EU specified compliance mechanisms for
legal data protection
Commerce and European Commission) enables US vendors to
comply with the EU directive through self-certification, thereby
eliminating the restriction on data transfer

Note: 1Online discussions in English on blogs, forums, news websites, and Twitter from software tool findings across regions during the period 25-Aug-2009 to
25-Aug-2010; 2European Economic Area
Source: Sysomos Software Tool; SysCon Website; CloudStorageStrategy Website; InformationLaw Group Website; Official Website of the Commonwealth of
Massachusetts; lawpracticestrategy.com
December 2010 | Copyright © 2010 Grail Research, LLC 11
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Obstacles and Considerations Computing

Foundations of Obstacles and

Cloud Computing Considerations Future of Cloud

The concept of computing resources as a utility is gaining traction among SMBs; however, the economic
model offered by Cloud service providers has yet to prove its strength of scalability to enterprise customers

“ “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking
forward, security will join those as a third pillar of what people demand from all computing experiences” – Paul
Otellini (CEO, Intel)
“It’s a big win for smaller companies to leverage the cloud because you are really saving a lot–it is really
avoiding a large, up-front investment. Five years ago, we would have had to build out a data center and the
sheer cost of that would have made it much more difficult to launch our business. In a traditional data center,
we would need an IT person to rack the system, maintain the servers, and own the hardware, So rather than
hiring someone, we now have software developers that are writing on a very flexible platform that vendor
maintains” – Oliver Friedrichs (CEO, Immunet)
“Right90 didn’t start its business using third-party infrastructure, but the cost savings and flexibility of Cloud
services beckoned. Last year, the company moved out of its data centers in Calgary, Ontario and San
“
Francisco, California and adopted Amazon EC2 with backup to servers located at the firm’s own offices.
The lack of servers to manage has freed up Right90’s IT management team” – Arthur Wong (CEO, Right90)

Source: BusinessComputingWorld Website; CIO Website

December 2010 | Copyright © 2010 Grail Research, LLC 12
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Drivers of Adoption Computing

Expert Views Key Takeaways

“ “In part, this can be explained by macroeconomic factors, The financial turbulence

A
The economic downturn has
of the last 18 months has meant every organization has been scrutinizing every forced businesses to become
expenditure. An IT solution that can deliver functionality less expensively and with leaner, which in turn has fuelled
more agility (remembering that time is money) is hard to ignore against this the adoption of cost-effective
Economic backdrop” – Ben Pring (VP, Gartner Research) Cloud service models
Downturn

B
Technology
“Server technology is in the middle of a renaissance where it is driving Cloud
advancements and Cloud is, in turn, changing servers. Cloud-based ‘scale issues’
will continue to change how servers and software for them are built for years to
come” – Steve Ballmer (CEO, Microsoft)
The success of virtualization and
Internet bandwidth availability has
positioned Cloud services as a
potential market opportunity

Advancements

“In technical terms, cloud computing offers elasticity, pay-as-you-go rather than
Cloud’s on-demand model allows
capital-intensive investment, and no long-term resource commitments. In business

C terms, cloud computing means low cost of opportunity experimentation, high

“
agility to respond to changing business conditions, and the ability to direct capital
investment toward core business activities"– Bernard Golden (CEO,
HyperStratus)
companies to scale up (or down)
as they rapidly restructure to
meet market requirements, with a
pay-as-you-go model instead of
taking on the capital expenses of
Demand traditional IT infrastructure
Expectation

Note: Comment and Views include key snippets

Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
December 2010 | Copyright © 2010 Grail Research, LLC 13

Barriers to Major Adoption
Industry experts believe that there is apprehension among potential Cloud customers about security and data privacy.
Insights Other major concerns include complexity in the integration of cloud-based systems and adherence to
regulatory/compliance frameworks
1 Security and Data
Privacy
“ "Security has been identified as the most
significant issue associated with cloud
computing adoption" – Melvin Greer
(Chief Strategist, Cloud Computing
for Lockheed Martin)
“At this initial stage, the applications and
data being processed in clouds are
predominantly non-sensitive, and the
Cloud services offer minimal or only
generally available security. The cloud
offerings themselves are proprietary
computing islands, with few standards
and only limited possibilities for
interoperability” – RSA (Security
Division of EMC), White paper1
Note: 1The Role of Security in Trustworthy Cloud Computing; Comment and Views include key snippets
Source: Sysomos Software Tool; CIO Website; SysCon Website; ComputerWorld Website
December 2010 | Copyright © 2010 Grail Research, LLC
Integration with
2 Cloud-Based
Systems
Expert Views
"I am 100 percent responsible and accountable
for all technology and every shred of data that
moves in and out of my company, and don't
want IT to be seen as "the say-no people”, but
end users may not foresee the difficulties of
meshing new products with existing technology.
On-premise, we have technology standards.
Nothing like that exists in the cloud. If business
users adopt these things, we CIOs are
challenged in IT to figure out how to integrate
[them] with the rest of our world" – Don Goin
(CIO, Santander Consumer)
14
Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing
Regulatory and
3 Compliance
Issues
“In certain cases, compliance will be impossible, It is
difficult to take full responsibility for who can access
data, who sees it and how it is stored, since the
premise of the Cloud is that customers don't
necessarily need to know or care where their data
is” – Jim Haskin (SVP, Websense inc)
"There is an issue that's looming that hasn't really
been discussed or addressed yet. That is the role of
governance for companies that are consuming the
services versus the role of governance for
companies that are providing the services. On
some level, companies are going to be both
consumers and providers of cloud services” – Joe
McKendrick (Independent Analyst and ZDNet
Blogger)
“
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Addressing Security Concerns Computing

Insights IT managers don’t believe that current cloud computing solutions are at par with on-premise infrastructure solutions. To
address this concern, service providers need to offer:

Information Authentication Data Independent Infrastructure Data

Security Properly identify and Location Audits Access Reliability
Secure sensitive or authenticate users Identify the exact Conduct Limit access to Prevent data loss
confidential before granting physical location of independent physical and maintain
information access to services information assets compliance checks infrastructure where integrity
on services provided applications are
deployed

Customer Apprehensions and Expert Views Key Takeaways

“ “Having core components, such as storage, compute, security, and so on, outsourced to other
cloud providers could mean that your data and application processing exists across many
different physical providers, and the risk of outages, compliance issues, and data leaks
increases dramatically” – David Linthicum (CTO, Bick Group)
There is lack of visibility on legal and
compliance standards, and potential
customers have limited clarity on where and
how the data is stored, and who can access
the data
(2010 Survey on participants in DEF CON) “….belief from the hackers, that cloud vendors are
not doing enough to address the security issues of their services; hackers have identified
vulnerabilities in current cloud technology” – Barmak Meftah (Chief Product Officer, Fortify
Hackers and security experts believe that
Software)
Cloud vendors are not doing enough to
“When vulnerabilities are detected they can be managed more rapidly and uniformly. Cloud address identified vulnerabilities
security is able to respond to attacks more rapidly by reducing the time it takes to install
patches on thousands of individual desktops or hundreds of uniquely configured on-premise
servers” – Mike Bradshaw (Director, Google Federal, Google Inc.) Though vendors/service providers create a
“Attempts to infiltrate or disrupt online service offerings grow more sophisticated as more
“ buzz around their services, they may not be
able to match their claims as infiltration
commerce and business occurs in this venue” – John Howie (Senior Director, Microsoft)
techniques outpace readiness of Cloud
technologies
Note: Comment and Views include key snippets
Source: Ponemon Institute Report; CSA (Cloud Security Alliance); Fortify Software Website; SysCon Website; CIO Website
December 2010 | Copyright © 2010 Grail Research, LLC 15
 ‘Clobbering the Cloud’ Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing

Hackers Issue Manifesto of Mayhem

Insights Security analysts and hackers have demonstrated major loopholes in Cloud offerings

Salesforce.com
Hackers demonstrated how they
were able to circumvent controls to
access restricted resources on the
Force.com platform, which
supports custom source code
upload and execution
Mobile Me
Hackers arrived at a point where
they could read Steve Wozniak’s
mail and even embed JavaScript
for continued access to his account
and services (if they were a bit
more malicious)
1Amazon
Hackers showed EC2’s
vulnerability by carrying out three
separate attacks:
 Starting numerous machines
 Stealing computing
time/bandwidth of other users
 Stealing paid-for 2AMI’s

Loophole: Ways to bypass the

Loophole: Weak password reset Loophole: Resource theft in the
controls on free accounts from
feature and XSS vulnerability in the Cloud sharing environment — a
Force.com in addition to exploiting
application significant concern
a bug in the CAPTCHA script

“It's possible to stitch together the “We showed attacks against the
“By piecing together publicly Amazon EC2 platform that do not
free resources to produce a
available information, we can target specific weaknesses in
useable computing platform that
generate a profile that is sufficiently technologies; rather the processes
can take advantage of the
complete for a password reset, by which complex actions took
expanded resources without
which points to flaws within the place were abused to our benefit”
incurring cost to the attacker…”
reset process” – SensePost – SensePost
– SensePost

“
“ With the exploitation of Google BlogSpot and Mobile Me, we are again seeing two common spamming practices converge –
CAPTCHA breaking techniques and exploitation of free hosted services – Mark Sunner (Chief Security Analyst, MessgeLabs)

Note: 1Amazon Machine Instances

Source: SensePost Website; Black Hat 2009 - Clobbering the Cloud; Grail Research Analysis
December 2010 | Copyright © 2010 Grail Research, LLC 16
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Recent Threats Validate Security Concerns Computing

“
“
The security of these Cloud-based infrastructure services is like Windows in 1999. It’s being widely used and nothing
tremendously bad has happened yet. But it’s just in early stages of getting exposed to the Internet, and you know bad
things are coming – John Pescatore (VP, Gartner Fellow)

Jan 2010: A hacker uses the Google Street View data to stalk victims. The attacker is able to track his victim
in few seconds without even using IP address information

"The interesting bit is I'm not piggybacking off of the browser's geo-location feature. I simply re-implemented the
feature as a server-side tool. This way if I can obtain the user's router's MAC address in any way, regardless of
browser, nationality, or age, I can typically determine their location and show up at their place with pizza and
beer later that night“ – Samy Kamkar (Co-Founder, Fonality Inc.)

Dec 2009: Zeus botnet was spotted on Amazon’s Elastic Computing Cloud (EC2) Cloud computing network. It
was running an unauthorized command and control center:
 Zeus botnet enables hackers to steal login credentials, account numbers, and credit card information
through the creation of fake HTML forms on banking login pages
 More than USD100 MM was lost in bank fraud due to Zeus botnet attacks in 2009
 The hacker may have stolen the password from the desktop of a user

"I think it's more a target of opportunity than a target of choice” – Don DeBolt (Director, Threat Research, HCL
technologies)

July 2009: Twitter corporate and employee information was infiltrated at the top levels of the organization,
including the CEO Evan Williams’ personal email. The individual behind the attacks accessed nearly 310
documents containing confidential information belonging to Twitter. The hacker sent documentation to Tech
Crunch, the elite media organization that covers tech trends, to prove the attack

"It's a message I wanted to get out to Internet users, to show them that no system is invulnerable”
– Francois Cousteix (Hacker Croll, in his interview with French media on hacking the Twitter account)

Source: CIO Website; Snipe Website; Sean-Barton Website; Dark Reading, Computer World blog; TechCrunch
December 2010 | Copyright © 2010 Grail Research, LLC 17
 Pros and Cons to Cloud Adoption
by Company Size
SMB Large Enterprises
PROS
 Innovation flexibility at low
operating expense and no capital
 Allows large enterprises to focus
on core business activities instead
expenditure of IT infrastructure
 On-demand scalability to  Lower cost of power, space, and
synchronize with market dynamics data center maintenance by taking
non-critical services out of data
 Ability to access information
centers
regardless of location
 Risk of hardware and software
obsolescence transferred to Cloud
service provider
CONS
 Security, privacy, and compliance  Complex integration of legacy
concerns systems with Cloud systems an
 Network latency hinders obstacle; needs can be greater
application performance than current Cloud capabilities
 Increase in security threats due to
 Cost of hardware rapidly adoption of Public Cloud
decreasing — can be a future  Legal compliance and regulatory
concern issues if operations in multiple
countries
 Highly skilled IT staff and sunk
investments in existing hardware
infrastructure may also act as a
deterrent to move to Cloud
Note: Comment and Views include key snippets
Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; ReadWriteWeb Website; PCWorld Website; MyBroadband Website
December 2010 | Copyright © 2010 Grail Research, LLC 18
Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing
Expert Views
“ “Companies such as AllenPort and ARC offer SMEs good
software at affordable prices with the flexibility to adjust usage
on an as-needed basis. The service model meets the financial
needs of SMEs while protecting them from the risks of non-
genuine software” – Charl Everton (Anti-Piracy Manager,
Microsoft SA)
They (Mid-sized companies) face rapidly changing markets and
need to avoid being locked into a capital investment or any
particular mode of operations. The call option that cloud
computing represents — the ability to change in the future
without a penalty — is critical to a midsized company trying to
succeed in a world of giant competitors and disruptive change”
– Bernard Golden (CEO, HyperStratus)
"I would argue, however, that if you have existing IT
investment, or you have requirements that push beyond the
limits of today's cloud computing technology or business
models, you should consider not choosing at all” – James
Urquhart (Blog Network Author, CNET)
“What holds back large companies is, in a sense, their success
with the previous generation of computing. Because they could
invest in the old model, they've now got an installed base of
hardware and a large, top-notch technical staff on hand.
There's pressure on these businesses to justify the sunk cost of
their hardware infrastructure, so they tend to more toward a
“
vision of private cloud computing” – Bernard Golden (CEO,
HyperStratus)
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Economic Model and Hidden Cost Computing

Cloud has been positioned as an alternative to on-premise infrastructure; however, experts believe that it is not always
Insights the most appropriate IT solution. Other factors that should be considered include cost of Internet bandwidth, third-party
support, and barriers to switching Cloud service providers or changing back to a on-premise infrastructure

Expert Views Key Takeaways

Economic Model
“Risks, such as, hardware and software technological obsolescence, are
transferred; although many considerations, including security, interoperability,
lock-in, business process governance, and management remain, and need to
be properly evaluated” – Ray DePana (Industry Consultant, NSF1)
"I believe that the future of data centers is in the cloud because companies will
be drawn toward paying $10 per month on hosted Exchange services instead
of spending $10,000 on an in-house implementation of Exchange Server” –
Tim Crawford (CIO, All Covered)
 Economic evaluation of Cloud adoption vs. on-premise infrastructure setup
varies under different business scenarios. There should be a thorough
internal due diligence on business requirements
 There is no widely accepted framework to assess the value proposition of
various Cloud services vs. on-premise infrastructure setup
 The IT community is divided — whether Cloud services are a business
decision or a technology decision

Hidden Cost
“…our analysis indicates that once you’re sending over 50 gigabytes of data
daily (or a terabyte a month costing you $150 on Azure, for example), it may
make sense to leave the cloud and buy your own bandwidth to the Internet –-
you’ll probably save 50 percent of your monthly bandwidth charges” – Allan
Leinwand (CTO-Infrastructure Engineering, Zynga)
 Bandwidth Cost: Cloud services are delivered over the Internet; Internet
bandwidth usage and charges increase as resource utilization rises
 Third Party Support: Regulatory and compliance guidelines may require a
third-party auditor or application, which will lead to additional cost and
complexity
 Cloud Switch: Cloud computing service providers, eager to capture the
market, use proprietary mechanisms to deploy applications and store data.
This can lock the customer to a provider or increase complexity/cost when
switching providers/infrastructures

Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets
Source: CIO Website; SysCon Website; GigaOM Website; CloudEco Blog; Linkedin; “Do Clouds Compute? A Framework for Estimating the Value of Cloud
Computing” by Markus Klems, Jens Nimis and Stefan Tai; SmartDataCollective Website
December 2010 | Copyright © 2010 Grail Research, LLC 19
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

How Green is Cloud? Computing

Experts see the potential of cloud computing for “Green IT” through efficient power consumption; however, skeptics
Insights claim that there is no comprehensive framework to assess the value proposition of “Green Cloud”

Green Lining to Cloud Skepticism and Uncertainty

 Cloud computing providers strive to maximize the performance of
their operations and can achieve higher utilization rates than in-house
data centers
 Cloud data centers can be developed at strategic locations, or
integrated with renewable sources of energy
• Hewlett-Packard developed a wind-cooled data center in England
• Google’s data center in Saint-Ghislain, Belgium, functions without
chillers
 According to a survey by Rackspace Hosting1, only 20% believe that
hosted solutions play a role in making their firm greener. An
additional 34% of those customers are currently trying to evaluate the
efficiencies and ‘greenness’ of Cloud.
 As more and more enterprises opt for Cloud, data centers end up
using more electricity to run computers, as well as meet back-up and
cooling demands. Experts believe that Cloud companies may choose
output over environmental considerations in the future

Expert Views Key Takeaways

“ “In theory, a shared resource like Amazon or Google's public clouds can have higher utilization and
thus greater power efficiency. Locate your cloud data center close to a green power source, like a
hydro plant, and you can minimize transmission line power losses and be even greener”– Marc
Hamilton (VP of Cloud Computing Sales, Sun)
“I’m sure that if you were to compare a traditional data center deployment to a near exact
Experts maintain that Cloud is greener than
individual data centers, however, there is a long
road ahead in substantiating

replication in the Cloud you'd find the Cloud to be more efficient, but the problem is there currently
is no way to justify this statement without some kind of data to support it” – Reuven Cohen (CTO, Cloud allows companies to scale down IT
Enomaly Inc.)
resources when demand is low, reducing their
“So, in a sense, the "greenness" of Cloud computing is a kind of Schroedinger's box problem today, carbon footprint significantly
in which we won't know the actual savings to the environment until someone actually observes--or
measures--it” – James Urquhart (Product Marketing Manager of Cloud Computing, Cisco
Systems) “ Green cloud as a concept depends on the
"Cloud doesn't save power but displaces it. Ultimately, roughly the same power is drawn from the ability of Cloud providers to meet their
grid, just by different companies. So it's no greener. Cloud is more about dealing with company- increasing demands through renewable sources
specific issues than planetary ones” – Andy Lawrence (Research Director, 451 Group) of energy
Note: 1 Based on 167 customer responses from email Survey conducted by Rackspace Hosting globally in 2009; Comment and Views include key snippets
Source: SysCon Website; ComputerWeekly Website; GreenBiz Website; Rackspace Hosting Survey Report; Greenpeace Report; CIO Website
December 2010 | Copyright © 2010 Grail Research, LLC 20
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Future of Cloud Computing

Foundations of Obstacles and

Cloud Computing Considerations Future of Cloud

Over the last few years, start-ups and small businesses have proposed innovative solutions to mitigate the
risks associated with cloud computing, and are competing with leading players in the Cloud space

“ “I believe that Cloud computing is a powerful trend – the next platform shift in computing. It will profoundly change the
way organizations do their computing. Proof is in the fact that major vendors like IBM, Google, and Microsoft are
investing tens of billions of dollars in building out their Cloud infrastructures. Those who characterize Cloud computing
as mostly hype have short memories. It was barely a decade ago that many people characterized the Internet as
mostly hype” – Bernard Golden (CEO, HyperStratus)

“So, in terms of the first movers and the environment now, it’s going to look very different. Anybody who carved out
some space right now and some lead in the market in Cloud shouldn’t feel too comfortable about their position,
because there are companies we don’t even know about at this point, that are going to be fairly pervasive and have a
lot to say about IT five years from now” – Jim Reavis (Executive Director of Cloud Security Alliance (CSA), and
President, Reavis Consulting Group)

“Password resetting and other security mechanisms in the Cloud are always going to be a weak link, as long as user-
friendliness comes ahead of security in Cloud computing beauty stakes. Expecting regular joes to whip out a two-
factor authentication device for use with a Cloud-driven service just isn’t realistic. It’s not going to happen” – Andy
“
Cordial (MD, Origin Storage)

Source: CIO Website; NetworkWorld Website; ReadWriteWeb Website

December 2010 | Copyright © 2010 Grail Research, LLC 21
 Consolidation in the Ecosystem
Increasing Cloud Focus
Insights
“VMware delivers
virtualization and cloud
infrastructure solutions
that enable IT
organizations to energize
businesses of all sizes” –
VMware Website
“CA Technologies is an IT
management software
and solutions company
with expertise across all
IT environments—from
mainframe and physical
to virtual and cloud” – CA
Website
Note: Comment and Views include key snippets
Source: Company Websites
December 2010 | Copyright © 2010 Grail Research, LLC
Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing
Established Cloud service providers have switched gears towards consolidating their present offerings due to increasing
focus on Cloud in the market place
“Customers are increasingly looking for ways to take advantage of the flexibility
and new services in the public cloud and want to extend the security and
control of their private clouds to this new environment…TriCipher brings to
VMware important authentication and identity technologies that will accelerate
our delivery of new solutions for hybrid cloud integration and end user
“TriCipher offers secure computing” – Brian Byun (VP & GM of Cloud Services and Applications,
cloud access VMware)
management with easy-
+ to-deploy, powerful
identity solutions that
“TriCipher has been a pioneer in the field of identity and access management
as a service, providing secure authentication and seamless single sign on
address today's pressing access to over 3,000 public and private Web and SaaS applications…We are
business problems” – excited to join the VMware family and further build on our foundational
TriCipher Website technology to fulfill VMware’s cloud and end user computing vision” – John De
Santis (Chairman & CEO, TriCipher)
"Controlling identities and their access to information is a critical area of
security. The combination of Arcot's software-only approach to advanced
authentication and fraud prevention and our CA SiteMinder portfolio gives our
customers robust and flexible options for reducing risk, supporting regulatory
compliance and confidently securing business transactions”
“Arcot is the Cloud
– Dave Hansen (GM, Management Products and Solutions and Security, CA
authentication leader. Its
Technologies)
fraud prevention, strong
+ authentication and e-
Document security
“Identity is a critical area for security whether you’re talking about in-house or
the cloud, and with 120 million identities verified by our solutions today, we
solutions are easily
bring a strong, solid recurring revenue base as well as sources of new growth
deployed, low-cost, and
opportunities for CA Technologies”– Ram Varadarajan (President & CEO,
extremely scalable” –
Arcot Systems)
Arcot Website
22
 Recent Acquisitions Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing

Is Cloud driving acquisitions?

Microsoft, IBM, and Sun offer security within the operating system — Google and Amazon have security features in their
Insights apps, but Intel’s acquisition of MacAfee seems to have redefined the security landscape with a potential to embed
security within the chip. Some experts believe that this will lead to more secure Cloud offerings in the future

Companies Acquisition Expert Views

Aug 2010: “Instead of running above OS, we have to think about using security at a lower
level of the stack…I'm looking forward to one year from now when I 'm standing before you
all and we're talking about a whole other era” – Dave DeWalt (CEO, McAfee)

“The other major shift impacting Intel’s core market is the trend toward Cloud Computing,
…. So the acquisition of McAfee could do three things for Intel:…It provides the capability
for Intel to develop security within a cloud computing infrastructure” – Pat Clawson
(Chairman & CEO, Lumension)

Aug 2010: "With Fortify’s leadership in static application security analysis combined with
HP’s expertise in dynamic application security analysis, organizations will have a best-in-
class solution to improve the security of their applications and services” – Bill Veghte
(Executive VP of Software and Solutions, HP)

Jul 2010: "With BigFix software integrated with IBM software offerings, IBM clients will be
able to more easily manage and secure their PCs and laptops, a complex task as the costs
and risks associated with security threats continue to grow” – Steve Robinson (GM of
Security Solutions, IBM)

Sep 2006: “Information security continues to dominate the spending intentions of CIO’s
around the world. The battlefront in security has quickly shifted from securing the network
perimeter to protecting and securing the information itself—wherever that information lives
and wherever it moves” – Joe Tucci (Chairman, President & CEO, EMC)

Note: Comment and Views include key snippets

Source: Gigaom Website; eSecurityPlanet Website; Company Websites
December 2010 | Copyright © 2010 Grail Research, LLC 23
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Initiatives to Address Security Concerns Computing

Nippon Telegraph & Telephone Corporation

Microsoft – CloudProof
and Mitsubishi – Advanced Encryption Scheme
 CloudProof has been proposed as a system to secure Cloud storage in a  Nippon Telegraph and Telephone Corporation, and Mitsubishi Electric
Microsoft Research Paper. The system will address the issue of security by Corporation have developed a new encryption system that provides
adding SLA-level guarantees, thus increasing Cloud adoptability complex and “fine-grained data transmission/access control”
 IT identifies four key Cloud storage characteristics: confidentiality, integrity,  This scheme uses a mathematical approach called “dual pairing vector
write-serializability (ensuring data is updated in the right order), and read spaces” to allow confidential information access
freshness (reads most recently updated data file). The proposed Cloud
 The encryption scheme is proposed to be used in cloud computing and
storage system, CloudProof, can detect and prove security violations to
other advanced network services to attain secure environments
these properties
 The advantage is that hackers cannot gain information from encrypted data,
however, they can still infer information from Cloud access patterns

CloudProof will detect and prove security violations across four The Advanced Encryption Scheme applies advanced logic in
storage characteristics encrypting and decrypting to provide a secure Cloud environment

IBM – Homomorphic Encryption Scheme Trend Micro – SecureCloud

 IBM is working on an encryption system that will allow the searching of data  Trend Micro has launched an encryption solution called SecureCloud
in an encrypted format
 This solution is provided through a single web portal and supports Vmware,
 "The point is to allow others to manipulate your encrypted data without Eucalyptus, and Amazon Elastic Compute Cloud
revealing it to them. For example, in cloud computing you want to store your
 SecureCloud uses key management technology and standard encryption
encrypted data files out on the cloud, so that you can access it from
services to provide data security and privacy to Cloud users. Unlike other
anywhere. But you would also like to be able to search your data with some
Cloud security services, the encryption keys remain exclusively with the
combination of keywords, then just decrypt the query results…”
user
 “The usefulness of the scheme is still limited by the fact that, as more
 “Security has been one of the greatest inhibitors to Cloud Computing
operations are performed, successive encrypted answers degrade,
adoption. Now, as Cloud Computing takes shape and enterprises are
becoming ‘dirty’” – Craig Gentry (Researcher, IBM)
starting to put data in the Cloud, security must evolve to protect and control
the data” –Steve Quane (Chief Product Officer, Trend Micro – Cupertino, CA)

When operational, the Homomorphic Encryption Scheme will be

SecureCloud gives enterprises ultimate control over the data
able to search, sort, and process encrypted data
Source: Microsoft Website; Mitsubishi Electric Website; SmartTechnology Website; SysCon Website; WorldCadAccess Website; InformationManagement
Website; Microsoft Research Paper Abstract (Raluca A. Popa (MIT), Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang (Microsoft Research))
December 2010 | Copyright © 2010 Grail Research, LLC 24
 Buzzing Startups Foundations
Obstacles and
of Cloud Future of Cloud
Considerations
Computing

Address Cloud Security Issues

Some startups have adopted a hybrid methodology in their Cloud products to address concerns about security,
Insights bandwidth capacity, and reliability. This approach allows them to use various encryption methods and other proprietary
ways to secure data stored on Cloud, and it also allows users to work offline with higher performance levels

Companies Product Offering Concept CEO

Data and applications are stored and run locally on the PC while
instantaneously mirroring the data to Cloud. Data is encrypted
Cloud-Client Joel Allen
prior to transmission and decrypted only upon call back

Egnyte’s hybrid technology leverages the benefits of accessibility

Cloud File Server and flexibility of Cloud storage integrated with the performance of Vineet Jain
local storage

‘Direct to vault’ online technology offers an innovative way to

Cloud Content
securely store, share, backup, organize, and remotely access Dennis J. Cindrich
Management Program digital assets using one integrated solution

On-premise policy server and cloud-based scanners are

Web Service Hybrid
integrated to assure off-premise remote access security John Vigouroux
(SWS-H) adherence

The focus is to protect data where it resides. AES encryption is

CTERA Portal™
used before data is sent to its online backup destination. In Liran Eshel
and CloudPlug™ addition, users get an option to encrypt local disk storage

Off-Premise On-Premise
Synchronization

Source: BusinessWeek Website; AllenPort Website; Digi-Data Website; CTERA Website; Egnyte Website; TechcrunchIT Website; M86Security Website;
CRN Website
December 2010 | Copyright © 2010 Grail Research, LLC 25
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Business Models and Offerings will Evolve Computing

Expert Views Key Takeaways

A “
An ecosystem of Cloud service
evaluators, aggregators, and integrators
“Some compliance requirements demand that relevant data be encrypted both at
will emerge to address growing customer
rest and in transit. Many of the cloud providers do not support that” – Chenxi
concerns and potential business
Wang (Ph.D., Principal Analyst, Forrester)
opportunities. Cloud computing presents
Improved an opportunity to monetize open source
Compliance and “Customers will care more about service level agreements than the brand name applications/tools
Service-level of technology components. …Integration will emerge as the key enabler and
choke point” – R. ‘Ray’ Wang (Partner, Altimeter Group)
Agreements
IT managers are optimistic about Software
as a Service (SaaS) being the key source
of future efficiency gains

B
Evolving
“Service providers will compete not just on price, but scalability, efficiency, and
SLAs” – Stephen Fosket (Recipient of Microsoft MVP award)
Mid-size companies are more likely to
adopt Cloud services over the next few
“…Emerging Cloud based business models like gaming as a service, content
Business Models driven clouds, cloud computing can help monetize open source software…” – years, especially Infrastructure as a
Krishnan Subramanian (Chief Technologist/Advisor, CloudsDirect) Service (IaaS)

Potential customers will be more

“Single function clouds will evolve to deliver a suite of service offerings to their

C
concerned about flexibility, control, and
clients or be acquired by others providing multiple cloud service offerings, as
growth from cloud computing services,
clients will not want to manage an endless stream of cloud service providers for
rather than security
every workload they outsource” – Ray DePana (Industry Consultant, NSF1)
Integrated/
Customized By 2012, cloud computing is predicted to
Service Offerings
“From a strategic differentiation point of view, organizations must enhance
product offerings with services, improve the customer experience with loyalty
top of mind, and tailor personalized experiences that support self-service
“ gain widespread acceptance with
corporate data centers as 20% of
businesses globally are expected to own
options and mobility” – R. ‘Ray’ Wang (Partner, Altimeter Group)
no IT assets

Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets
Source: SoftwareInsider Website; Ulitzer Website; GestaltIt Website ;Forrester Report; SysCon Website; InfoWorld Website, Gartner Report; LinkedIn
December 2010 | Copyright © 2010 Grail Research, LLC 26
 Foundations
Obstacles and
of Cloud Future of Cloud
Considerations

Cloud – The Way Ahead? Computing

The evolution of Cloud marks a fundamental shift in our relationship with

electronic assets and our access to that data and information

The Cloud offers great promise; however, companies seeking to implement

cloud-based applications have concerns about the security and privacy of public
cloud providers. Until providers offer sufficient clarity and assurance on these
topics, their customers will implement data protection and security methods on
their own which enable them to overlay a private cloud functionality on top of the
public cloud offering1

Hybrid architectures that offer encryption of data at the local or client level, prior
to transmission to the Cloud may offer a path forward for business consumption,
thereby combining the best of on-premise functionality with that of hosted
solutions for these on-demand services

If you are evaluating a Cloud initiative, always assess your company’s readiness, measuring the cost and
benefit for your business within the context of the competitive landscape. Consider:

 What are the direct business benefits of Cloud for my company? Why would I ‘rent’ rather than ‘own’?
 Will a Cloud solution support my business needs, or am I losing functionality for a perceived price benefit?
How does my solution provider’s roadmap align with my business needs?
 How are my Cloud solution providers establishing standards and maintaining the security and privacy of my
information and by extension, my clients’ information?

 What are my competitors doing in this space? Are they pursuing private, public, or hybrid initiatives?
Note: 1Grail interviews with Bernard Golden (CEO, HyperStratus); Chenxi Wang (Ph.D., Principal Analyst, Forrester)
Source: Grail Research Analysis
December 2010 | Copyright © 2010 Grail Research, LLC 27
 For More Information Contact:
Jocelyn DeGance Graham
 (jdgraham@grailresearch.com)

About the Author

Jocelyn DeGance Graham - Named by United
Business Media’s CRN as one of the 100 most
influential women in IT, Jocelyn currently leads the
Grail Research Cloud Center of Excellence and
Cloud research practice. Jocelyn has deep
expertise in the areas of marketing,
communications and research and has spent the
majority of her career advising Fortune 100
companies including Hewlett-Packard, Intuit, and
Arthur Andersen on strategic emerging technology Copyright © 2010 by Grail Research, LLC
decisions. Prior to joining Grail Research, Jocelyn
directed the marketing program for an award No part of this publication may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means —
winning Cloud startup which was recognized by electronic, mechanical, photocopying, recording, or otherwise — without
Gartner as one of the ‘Coolest Emerging the permission of Grail Research, LLC
Technologies’ of 2010. She holds a Master’s
degree in Industrial/Organizational Psychology
and a Bachelor's degree from University of
California, Santa Barbara.

December 2010 | Copyright © 2010 Grail Research, LLC 28