Cloud computing is the latest superhyped concept in IT. However, it is simplistic to look only at the hype around the high-level term. As aspects of the cloud move into mainstream adoption, there will be misunderstandings, overestimations and underestimations that will cause users to have doubts and be disillusioned. There will be misuse and miscommunication among users and vendors, making it a subject that is ripe for Gartner's Hype Cycle. As usual, in cases like this, there is indeed overhype, but also benefits. Understanding those benefits requires tearing apart the hype surrounding cloud computing (just at the Peak of Inflated Expectations, and headed for the Trough of Disillusionment), and looking at the many more-granular topics, which are all part of the cloud phenomenon. This follows the pattern observed with other similarly broad labels as "the Internet" and "the Web."

Our special report "The What, Why and Where of Cloud Computing," which references other research, provides a good overview of the details of cloud computing and the many issues facing enterprises today. With hype comes confusion. While cloud computing is about a very simple idea — consuming and/or delivering services from "the cloud" — there are many issues regarding types of cloud computing and the scope of deployment that make the details not nearly so simple. Everyone has a perspective and an opinion; confusion is rampant. Misconceptions abound, especially as it relates to cost cutting. Cloud is often part of cost-cutting discussions, even though its ability to cut costs is often a misconception. Although cost is often part of the discussion, the other part is around capabilities, agility, speed and innovation. These are the potential benefits that can be overlooked if hype fatigue sets in.

This Hype Cycle for Cloud Computing identifies which aspects of cloud computing are still primarily in the hype stage, which applications/technologies are approaching significant adoption and which ones are reasonably mature. Figure 1 shows that there are an overwhelming number of technologies that are "pre-peak," which is not surprising, because many technologies are new. Although the term "cloud computing" is relatively new, it incorporates derivations of ideas that have been in use for some time. Hosting, software as a service (SaaS) and virtualization are well-established and being used in many ways. The prevalence of inexpensive computing power, inexpensive bandwidth, and companies that have developed extensive capabilities in managing large data centers are all relatively new and are all required for the cloud to come to fruition. Newer concepts, such as private cloud computing, elasticity, cloudbursting and application platform as a service (APaaS) are taking these ideas and innovating in myriads of ways that cloud can be used.

As awareness of cloud computing continues to increase, as does the subsequent confusion and a gradual understanding of the inevitability of many of the concepts. As cloud computing moves beyond the pure hype stage and into the beginning of mainstream adoption, it is important to dig beyond the main cloud term to the actual ideas and technologies to dodge the hype and take advantage of the benefits that exist. As always, once the hype dies down, the true value will arrive.

This Hype Cycle covers a broad collection of concepts and technologies associated with cloud computing. It is the first instance of this Hype Cycle.

Most cloud computing technologies and concepts are more than two years from mainstream adoption, with the exception of certain types of SaaS, such as sales force automation. Many cloud technologies and concepts will see mainstream adoption in two to five years. Some of the more-impactful items include APaaS, virtualization, elasticity and private cloud computing. Some technologies and concepts will take five to 10 years (such as cloudbursting/overdraft, and cloud/Web platforms) for mainstream adoption to occur (see Figure 2).

Analysis By: Frank Kenney; Daryl Plummer; Benoit Lheureux

Definition: Cloud services governance (CSG) is a discipline focused on coordinating, monitoring and management of cloud service interactions. These interactions may take place from service to service, from service provider to service consumer, or across collections of services regardless of whether the governance technologies are deployed as a service offering or on-premises. The discipline involves six characteristics of governance that are significant to cloud services: visibility, management, monitoring, measurement, provisioning and validation. Within these characteristics, CSG is supported by three areas of governance well-suited to the needs of cloud computing. Cloud services brokerage, integration as a service (IaaS) and service management are critical disciplines that overlap to provide a complete picture of the emerging means of governing cloud services. Cloud services brokerage allows companies to define and enforce service policies at design and runtime. IaaS is used for provisioning connections among various cloud-based on-premises applications and for implementation of in-line translation of service formats and data when required.

Position and Adoption Speed Justification: Although the realities of cloud computing and cloud services are just beginning to be understood, providers of these services are mostly leveraging technologies like service management to manage the overall health of the services and the underlying infrastructures. While some technologies, for example, HP's Business Availability Center (BAC), allows providers to measure the satisfaction of consumers, products and services providing brokerage capabilities used in conjunction with service management will give consumers and providers visibility into met and unmet expectations. In addition, the fairly well-understood area of IaaS supports much of what is needed at the software infrastructure level to integrate cloud services with on-premises consumers that include both applications and processes. While IaaS is commonly deployed in many stand-alone IT projects today, it will also be embedded in more-complete CSG solutions over time. We expect these technologies, services and business models to mature rapidly as the adoption of cloud computing and the consumption of cloud services increase.

User Advice: Governing the interactions between consumers and service providers will be a mandate for any company using software as a service (SaaS) or other cloud-based services and offerings. Even when the need for trust is minimal, formally acknowledging that level of trust should be a mandate. The more you increase your dependence on cloud-based services, the more you will need to establish and implement your required degree of trust between the consumers and providers of the service. It will not be a "one size fits all" determination.

Business Impact: Although cloud service brokers may be delivered through technology, there's still a need for brokerage businesses to implement and support these brokers. A brokerage is a service business, whereas a broker may simply be B2B technology. Managed service vendors and B2B gateway businesses will be very familiar with these concepts, as are SOA governance technology vendors. However, the cloud doesn't include an assumption that service providers calling themselves "brokerages" will exist (in most instances). We believe that service brokerages are one of the most necessary and attainable opportunities for cloud service providers. There are three areas of business impact:

• Companies will increasingly desire strong brokerages to define and establish policies to support trusted, distributed service environments.
• Service providers, for example, Google, salesforce.com, etc., will increasingly desire brokerages so that they can extend high levels of trust to user communities.
• IaaS providers and telecom providers will want to deliver brokerage services that go beyond today's integration service offerings.

Benefit Rating: Transformational

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Inovis; Sonoa Systems; SOA Software; Vordel

Recommended Reading: "Magic Quadrant for Integrated SOA Governance Technology Sets"

"What's Between You and the Cloud?"

"Three Types of Cloud Brokerages Will Enhance Cloud Services"

Analysis By: Frances Karamouzis

Definition: There are two distinctly different areas of cloud-driven professional IT services and solutions.

The first area includes all types of consulting, advisory, deployment and testing services provided to enterprises from professional IT service companies. IT service companies assist clients in understanding and navigating the various areas of cloud computing. This includes business advisory services to strategically help clients determine the potential impact on their business model, options for shifts in their technology architecture or future opportunities. The IT consulting, deployment and testing services include all types of IT services related to pilots or full engagement of all types of cloud computing in their IT portfolios. Cloud computing can be categorized across different layers of technology architecture, including system infrastructure, application infrastructure, applications, information, business process and ecosystem management. Thus, consulting, advisory, deployment and testing services cross different areas and may include multiple IT service companies.

The second area of cloud-driven professional IT services and solutions includes all types of solutions that are developed, bundled, and packaged as outsourcing offerings, where the IT service provider leverages one or more cloud computing technologies within the solution's overall architecture. Gartner refers to these IT services as "cloud-leveraged outsourcing offerings" — for example, a platform business process outsourcing (BPO) offering, where the business process and application layers of the solution are indigenous to the IT service provider, and the infrastructure is delivered through the cloud. With so many elements to each outsourcing layer (BPO, application outsourcing and IT infrastructure), the combination of the different types of cloud-driven professional IT services and solutions is extensive.

Position and Adoption Speed Justification: The first area (consultative and advisory services) of these cloud-driven professional IT services and solutions will continue to be strategic and high-impact IT services, where many service providers will seek to take a thought- leadership position. Gartner will be working on a forecast to determine the market size and growth. The second area, cloud-leveraged outsourcing offerings, is embryonic, and many of the IT service providers have not yet fully marketed and priced their offerings. The market potential is quite high, but a number of proof points and milestones need to be reached. Here again, Gartner will be working on a forecast to help determine the market size.

As the adoption of cloud computing accelerates, so, too, will all types of advisory services that professional IT service firms deliver. The leading firms have already assigned senior-level global leaders to be directors or "cloud computing czars," supported by consulting teams of professionals that are leading the efforts to educate and assist clients with questions related to the impact of these new disruptive technologies. Furthermore, many professional service firms have reported many ongoing strategic assessments and IT planning work with clients.

These firms have begun extensive R&D efforts and created solution architecture teams to formulate, architect, construct and test their outsourced offerings. Several have also formalized relationships with key cloud computing vendors, such as Google and Amazon, to utilize portions of their solutions in their outsourced offerings. All these offerings are extremely embryonic, and many are only in the development stages. Many of the vendors that Gartner has interviewed have not yet completed their go-to-market strategies, their pricing models and, most importantly, service-level agreements (SLAs).

It's important to monitor this area, because these new products are likely to be the most disintermediating offerings on the market, as well as the biggest paradigm shift for enterprise buyers. The primary reason is that the mature and established IT service firms have extensive risk management structures that form the basis of how they define and contract SLAs for their solution offerings. Thus, they will be focused on understanding, architecting, testing and ensuring that scalability, predictability and manageability of the entire end-to-end solution (including the cloud-based portion) will be what the IT service can support. This will be critical to the adoption and growth of cloud computing technologies.

Although these outsourced solutions are in their early stages, it is important to monitor the investments and early offerings of the IT service providers.

User Advice: With regard to consultative advisory and system integration services, the long-standing Gartner advice to incorporate all choices in the enterprisewide sourcing strategies and management life cycle is critical. Additional due diligence should be done during the evaluation and selection process, as well as the contracting process, due to the relatively new area of cloud computing and the incredibly dynamic and fast-growing technological changes being introduced.

With regard to outsourced offerings that leverage cloud computing, a significant number of offerings that IT service providers are introducing are in development or being piloted. As a result, each class of offering — whether an infrastructure utility solution leveraging cloud infrastructure or a software-as-a-service-based solution leveraging an application infrastructure or other types of business services — needs to be thoroughly evaluated for all the key risk areas.

It is critical that organizations maintain the appropriate level of ownership for governance to ensure that they drive the right behaviors among vendors to manage overall service delivery and contingency planning. Due to the embryonic nature of outsourcing solutions, at times, keep the resolution of operational issues separate from the resolution of commercial terms to ensure continuity of service and business. The enterprise approach and culture must support a problem-solving, rather than punitive, mentality when problems arise, as they undoubtedly will with embryonic technologies.

With regard to structuring the deal, enterprises must have accurate and usable end-to-end, service-level definitions that they can use to shape integration points, and manage and operate the program. Integration and interoperability will be among the most important risk areas to analyze and manage on an ongoing basis. In this regard, cloud-leveraged outsourcing offerings likely will have several integration points, as well as multiple vendors. Thus, operating-level agreements (OLAs) that align with the specific SLAs are critical. In a best-case scenario, OLAs should be agreed-on at the contract negotiation level, before an award is made. For existing relationships, the organization must retrofit OLAs.

Business Impact: For advisory and consultative services, enterprises must be able to gain insights and analysis on how to harness cloud computing technologies to further their strategic use of IT. In the long term, the enterprise can more clearly identify and execute IT architectures that provide competitive parity versus competitive advantage.

With regard to outsourced offerings that utilize cloud computing, enterprises will need higher-level access to more-industrialized solutions that offer shorter adoption timelines and faster return on investment in IT services.

The long-term impact of cloud-driven professional IT services and solutions will be material and significant with regard to their size, breadth and savings levels within the overall IT service industry. It will provide more choices for enterprise buyers. It will reshape the service provider landscape, because major barriers to capital-intensive areas, such as infrastructure or applications, will be removed.

Benefit Rating: High

Market Penetration: Less than 1% of target audience

Maturity: Embryonic

Sample Vendors: Accenture; Capgemini; CSC; EDS; HCL Technologies; IBM; Tata Consultancy Services; Wipro Technologies

Recommended Reading: "Comparing Cloud Computing and Infrastructure Utility"

"Buy Industrialized Services to Quickly Reduce Outsourcing Costs and Risks"

"Save Money Now With Hosted and 'Cloud' Infrastructure"

"Q&A on IT Services Industrialization"

"The Seven Golden Rules for Industrialized IU Services"

"Market Trends: IT Infrastructure Utility, Worldwide, 2008"

"Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services"

"Cloud Computing Services: A Model for Categorizing and Characterizing Capabilities Delivered From the Cloud"

"Key Attributes Distinguish Cloud Computing Services"

"Global Class: The Inspiration for Cloud Computing"

Analysis By: Benoit Lheureux

Definition: While many business users of cloud computing and software-as-a-service (SaaS) providers (e.g., Google and salesforce.com) use browsers to access and interact with cloud-based applications and data, many others want to integrate cloud-based functionality among different providers (cloud-to-cloud integration) and with internal applications (cloud-to-on-premises integration). We call this "cloud computing/SaaS integration".

Cloud computing/SaaS integration can be solved using integration technology and services that are similar to integration solutions used to implement on-premises (internal or integration) and traditional e-commerce (B2B integration) projects. Such integration functionality includes:

• Secure, reliable communications to connect cloud-based and on-premises functionality
• Translation tools to convert business data (when required, which is more often the case than not)
• Service orchestration or process flow to disposition services and process events — e.g., routing (propagating) a customer update or order approval from one application to another
• Optional governance technology to define and manage policies related to remote execution of services and access to data
• Adapter technology to integrate with various on-premises applications and data

Such integration functionality can be delivered as software, services, or a combination of both. SaaS vendors typically offer multiple approaches to cloud computing/SaaS integration — typically, a combination of the Web application programming interfaces (APIs), some form of lightweight, on-premises integration technology, plus a choice of software and service solutions for SaaS integration from one or more third-party technology providers. Another popular solution of specific cloud computing/SaaS integration scenarios is packaged integration — i.e., prebuild solutions (from vendors such as Appirio and Celigo), such as integrating contact information between salesforce.com and Google. Many IT users implement their own solutions. Regardless of which options for integration a SaaS provider offers, SaaS customers need to consider their own requirements and preferences, which include in-house and B2B integration skills and infrastructure.

Position and Adoption Speed Justification: The rapid adoption of cloud computing and SaaS-based functionality during the past few years, combined with increasing demand from end users for improved integration of business data and processes between the cloud and their on-premises applications, has created an acute need for solutions to address cloud computing/SaaS integration. The trigger for such solutions occurred several years ago, and rapid adoption of these solutions has revealed itself in a high-profile way via so-called "vendor ecosystems" of cloud computing/SaaS providers that offer solutions to this problem. For example, salesforce.com customers that need a cloud computing/SaaS integration solution can now choose from more than 40 technology partners with more than 70 solutions. More recently, Google introduced its new Secure Data Connector and related IT partnerships to address cloud computing/SaaS integration requirements for Google Apps and applications deployed within Google App Engine. Although such cloud computing/SaaS integration solutions have been on the market only a few years, marketing hype and IT end-user interest has accelerated. Users' expectations are quickly approaching the Peak of Inflated Expectations on the Hype Cycle.

Most solutions that are targeted at the cloud computing/SaaS integration requirement have evolved from some form of integration software or services, including enterprise service bus suites, B2B gateway software or integration as a service (IaaS). For example, Boomi, Cast Iron Systems and Pervasive Software — prominent providers of cloud computing/SaaS integration solutions — all shifted their go-to-market strategies and integration solutions portfolios a few years ago from more-traditional forms of integration. They each heavily leveraged integration functionality previously sold for use in noncloud-based integration projects, and used that as the basis for new solutions developed more specifically to solve cloud computing/SaaS integration problems. This included adding new capabilities, such as cloud-based integration development tools and support for Web APIs published by cloud computing and SaaS vendors. Vendors such as Cast Iron Systems and Pervasive Software also now deliver their solutions as software and services, which allows users to mix on-premises integration software with IaaS, where necessary, to meet diverse cloud computing/SaaS integration project requirements.

The impact of this approach is that many cloud computing/SaaS integration solutions, unlike many other new IT solutions, are already relatively mature. Many aspects of core functionality, such as translation and adapters for integrating with on-premises applications, benefit from years of prior multigenerational product development. However, available features, such as support for Web APIs and new cloud-based integrated development tools, may still be in early generations. Because the core technology is sound, companies implementing cloud computing/SaaS integration solutions can be confident that these solutions are sufficiently mature to support their B2B projects. This also means that cloud computing/SaaS integration is likely to move rapidly along the Hype Cycle from its current position near the Peak of Inflated Expectations down through the Trough of Disillusionment, and then up onto the Plateau of Productivity.

User Advice:

• When available, consider packaged integration as a solution for specific, usually pairwise, integrations between cloud computing-based functionality and your on-premises applications.
• Although solutions for traditional e-commerce versus cloud-computing-based integration scenarios are often distinct, look for opportunities to leverage a common IT infrastructure to solve both types of B2B integration.
• Avoid using a particular cloud computing/SaaS integration solution if it does not resonate with your internal B2B integration strategy.

Business Impact: Companies across all industries and geographies that use cloud-computing-based business software functionality will eventually want to integrate that functionality with on-premises applications and data to improve multienterprise process integrity. Doing so can save money (e.g., by reducing manual data entry using a browser) and generate revenue (e.g., by improving customer satisfaction and competitive advantage by ensuring that master customer data is automatically synchronized between cloud-based and on-premises business software). Therefore, cloud computing/SaaS integration has a high impact on the cloud computing scenario.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Appirio; Avankia; Bluewolf; Boomi; Cast Iron Systems; Celigo; Informatica; OpenSpan; Pervasive Software; QLogitek; Sesame Software

Recommended Reading: "Google App Engine Comes Closer to Enterprise Adoption"

"Who's Who in Cloud-Computing/SaaS Integration, Volume 1"

"SaaS Integration: How to Choose the Best Approach"

"Seeding the Cloud: B2B Flexibility Drives SaaS Adoption"

Analysis By: Daryl Plummer

Definition: One of the key value propositions of cloud computing is the ability to increase or decrease service capacity on demand and to pay for only what you use. This is commonly referred to as "cloud service elasticity." Along with that idea is a complementary idea called "capacity overdrafting" or "cloudbursting" (we use the terms interchangeably). It is the ability to automatically get more capacity from a different cloud infrastructure when the primary cloud infrastructure is overloaded.

One way to describe cloudbursting is service "overdrafting," because the model is similar to what happens to a checking account that has overdraft protection from a savings account. When a check is written that exceeds the balance in the checking account, funds are automatically moved from savings into checking to cover the difference. Most banks provide this kind of overdrafting as a service (for which they charge fees) to their account holders. In the cloud computing world, this usually happens when a request for more CPU power or storage space is made to a server by an application. With service overdrafting (aka cloudbursting), the request is redirected to another server that has more capacity to cover the difference, or where new servers are rapidly/automatically provisioned to provide additional capacity.

Position and Adoption Speed Justification: The issue of cloudbursting (capacity overdrafting) is relatively new to the average IT organization. It is a natural outcome of rapid or automated provisioning. If shared pools of resources are available on demand, then the ability to supplement the capacity that a company has available to it by using someone else's spare capacity makes logical sense. However, economic models, pricing models, service guarantees or even agreements about how the services will be used are immature or nonexistent. Adoption of cloudbursting, therefore, will trail the general issue of elasticity by about 12 months.

User Advice: End-user organizations will benefit from rethinking how capacity planning is done. This is the primary benefit of cloudbursting. If a company can expect to get increased capacity from someone else when, and only when, it is needed, then there is considerably less need to purchase excess fixed capacity before it's needed. This model will allow enterprises to exist in a hybrid cloud computing environment, where on-premises capacity could be used and supplemented by off-premises capacity when a cloudburst happens.

Business Impact: The business will benefit from cloudbursting through reduced cost of fixed capacity, use of operating expenses to pay for on-demand capacity, and a gradual movement away from a technology model that forces each part of the business to pay for technology bought by the IT organization. The ability to get resources as needed will become an assumption of the business (within contracted and planned limits) that does not require the business to focus on whether cloudbursting is needed. Instead, the business will subscribe to a service that uses overdraft protection as a basic feature to ensure quality service delivery.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Emerging

Sample Vendors: Amazon.com; Enomaly; salesforce.com

Recommended Reading: "Anatomy of a Cloud 'Capacity Overdraft': One Way Elasticity Happens"

"Three Levels of Elasticity for Cloud Computing Expand Provider Options"

Analysis By: Cameron Haight; Milind Govekar

Definition: Cloud service management tools are products that provide visibility and control within external (public) cloud environments to enterprise consumers and IT operations teams. Included in this category are products that provision system images, monitor performance and availability, enable metering and billing, and integrate with enterprise management systems.

Position and Adoption Speed Justification: Although cloud computing services are gaining traction, the tools for managing the applications and services running with these environments are only now emerging, especially for cloud-based system infrastructure services offerings, such as those from Amazon.com. Depending on the scope of the services offered by the cloud provider, IT operations organizations acting in support of internal customers that use these cloud services will require many of the same types of tools that they use to manage their internal infrastructures, albeit adapted for support of these new technologies.

We expect to see a need for management products that enable the inclusion of cloud-based offerings into service catalogs, provide system image provisioning and other configuration management activities, perform root cause analysis, plan for performance and capacity management, report on service levels, and enable metering and validation of billing. These tools will need to integrate with management tools in an enterprise's data centers, while enabling IT operations teams to work across cloud service providers.

User Advice: Enterprises looking at investing in cloud service management tools should be aware that the technology — which is able to manage true end-to-end service delivery from inside the enterprise to multiple cloud service providers' data centers — is still a vision. Although some cloud providers are beginning to offer management tools to provide more insight and control into their infrastructures, these are limited in functionality and generally offer no support for managing other cloud environments. A small (but growing) number of cloud-specific management firms are emerging; however, enterprises should expect the market-leading management firms — aka the Big Four: BMC, CA, HP and IBM Tivoli —to eventually engage in this market (IBM's Tivoli organization has recently made some announcements in this area). Finally, users of virtualization platforms should expect the providers of these technologies to extend some of their management solutions into the cloud environment as well.

Business Impact: Enterprises will require cloud service management tools to maximize the value of external cloud computing services — i.e., lowering the cost of service delivery, reducing the risks associated with these providers and potentially preventing lock-in.

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: DataSynapse; IBM Tivoli; Platform Computing; RightScale; SpringSource; Tap In Systems; Ylastic

Analysis By: Martin Reynolds; Carl Claunch; Brian Gammage

Definition: These are large-scale computing systems that self-assemble from components and implement resilience through a software architecture designed to detect, tolerate and automatically respond to component failure. Software will have to change to operate in such an environment.

Position and Adoption Speed Justification: Virtual infrastructure is decoupling software from hardware architectures, but it still requires systems that preserve state. For scalability, flexible provisioning and fault tolerance, the state data must be managed in real time. The tera-architecture approach eliminates this overhead (and cost) by also decoupling state data from workloads, so that management of state can be fully automated, but software must adapt to accommodate this approach. The technologies are emerging in very large-scale data centers built to service Internet loads. Google (App Engine) and Microsoft (Azure) have both introduced development environments that start to decouple software from hardware failures in a scalable environment. The result is an architecture designed to automatically detect, tolerate and respond to the failure of hardware components without visible impact on service levels, meaning that less-reliable and lower-cost hardware can be used.

User Advice: Implement virtualization across the data center as a first step. Tera-architectures will require code development methods that create stateless services. Examine Microsoft Azure and Google App Engine as early instantiations of such an environment.

Business Impact: By significantly reducing the overhead of managing hardware, tera-architectures promise to reduce the cost of computing by a factor of 10, in exchange for 98% annual reliability. Such a trade-off is very valuable in emerging analysis applications.

Benefit Rating: High

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Google

Analysis By: Lydia Leong; David Cearley

Definition: A virtual private cloud (VPC) refers to the partitioning of a portion of a public cloud computing service provider’s environment into an isolated environment that is dedicated for use by a single entity or group of related entities (such as multiple departments within a company). In addition, a VPC may be isolated from the Internet, utilizing a private network (virtual private network [VPN] or private connectivity) and/or a virtual LAN for access to the services, to add an additional level of performance, security and control.

Just as with a public cloud computing service, the provider of a virtual private cloud service owns, controls and manages the underlying infrastructure and other elements used to create the service or services being delivered via the VPC. The self-service interfaces, application programming interfaces (APIs) and other mechanisms used to access/consume, secure and manage the public cloud service analog are used as a starting point for the VPC. Customization of these elements by the provider for the target consumer may be available. Additional layers of security and management may also be layered by the consumer on top of the standard or customized VPC services.

In its simplest form, access to VPC services will be limited to a single consumer and will deliver a service consumption experience that is virtually identical to the public cloud computing service analog. More complex approaches will enable the consumer contracting for the VPC service to request customizations and exert some level of control over the access to the VPC services. Customers may choose to limit access to certain services to their company as the exclusive consumer of the VPC services. They may also choose to give other consumers (for example, business partners or customers) access to some VPC services. The specific type and degree of control available to the VPC purchaser, and pricing models, will vary between VPC offerings.

Position and Adoption Speed Justification: VPC services are emerging phenomena driven by consumers that are interested in the potential of cloud computing, but who do not want to cede that much control, or share their entire service environment with other customers. A VPC cloud model offers an alternative to a typical private cloud computing environment that is potentially less costly and more quickly deployed. Most VPC providers are hosting companies that have expanded into cloud services.

User Advice: Users that are currently exploiting hosting services from providers that are revamping their offerings to offer public cloud computing services may be able to consider a VPC as an easier step to the cloud from their current dedicated hosting model. Companies focusing on migration of traditional enterprise applications to cloud computing will find the potential security and control of a VPC attractive, as will those wishing to create more sophisticated hybrid solutions that mix internal and external cloud-based resources. However, long-term scalability, elasticity and financial benefits in comparison to public cloud computing remain uncertain, as does the degree to which a VPC can fully match the security and operational management benefits of a full private cloud.

Business Impact: When combined with a hybrid cloud computing model (for example, using internal resources and external cloud computing services), VPC services have the potential to bridge the gap between the public and private cloud models. By providing additional control, management and security beyond that of public cloud services, the VPC approach reduces risks and makes it feasible to deploy a wider range of enterprise applications.

Benefit Rating: High

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Layered Technologies; Terremark

Analysis By: Yefim Natis; Eric Knipp

Definition: Application platform as a service (APaaS) is a development and deployment environment for cloud-based applications, offered to IT organizations as a service. In other words, applications developed in and for an APaaS are software-as-a-service (SaaS) applications.

APaaS is, in principle, a specialized application server and application development toolset that is deployed “in the cloud” and offered as a service to its users. The technology behind the service is referred to as a SaaS-enabled application platform (SEAP). Some SEAPs are offered as general-purpose products, while others are used exclusively to power an APaaS and are not offered as products in their own right. The cloud specialty of such an application server makes it quite different from a regular application server. In addition to the underlying SEAP technology used to enable APaaS, some vendors also provide highly scalable, distributed data stores and other innovations that differ substantially from traditional on-premises alternatives.

It is important to differentiate APaaS, which is an off-premises service, from SEAP, which is an on-premises technology category. SEAP is, simply speaking, an application server with some special features, such as multitenancy, that make it suitable for SaaS-style applications. To have SEAP and use it, you have to buy it just as any other application server. APaaS is a service, not a product. Someone else runs the software, you just pay for membership and get access to a running environment where you can develop and deploy applications. To offer APaaS, the provider must have developed or bought a SEAP.

Position and Adoption Speed Justification: With the introduction of Force.com by salesforce.com and Google’s App Engine, the APaaS option has become known to the majority of leading-edge IT organizations and most independent software vendors (ISVs). The interest in APaaS is further advanced by the growing awareness and interest in cloud computing, of which APaaS and its SaaS-style applications are a notable part. Although current industry attention is focused on the shared-hardware, virtualization-based model of cloud computing, the more advanced shared-everything model enabled by APaaS is gaining traction as well. There is more understanding and recognition to be developed here, and, likely, more inflated expectations to develop as well, but we believe that behind the advancing hype is real market-changing innovation: the beginning adoption by the IT industry of software-based solutions as a service in place of the end-to-end ownership (and burden) of on-premises software.

As with all innovation, leading-edge organizations are adopting APaaS first, and the mainstream is cautious and awaiting standards and assurance of safety. The industry is likely several years away from well-accepted safety of APaaS for mission-critical, mainstream IT projects. However, the clear advantage of ease of use, rapid time to results, low cost of entry, massive scalability and reliability, and greatly reduced system support burdens make APaaS especially attractive to startup ISVs. These new ISV applications will lead to a growing number of applications that are available only as SaaS and are enabled by an APaaS (and the underlying SEAP), instead of a traditional on-premises application server. These unique SaaS-only applications will help lead the way for APaaS acceptance by mainstream IT organizations in the next five years.

User Advice: Users of SaaS applications should use the programming capabilities of these applications to extend the applications (salesforce.com, NetSuite and others offer such specialized APaaS). These offerings are a good place to start getting familiar with the new model of software development, without incurring undue risks.

ISVs and, especially, smaller startup ISVs should look at the APaaS opportunity as a serious long-term, game-changing option. Its low cost of entry, low burden of operations, and high degree of productivity and scale enable less-technical ISVs to concentrate on their business expertise and leave the IT issues to others. The risk of today's APaaS is the proprietary nature of the APaaS programming model. Today, and until there is a standard (although it's unlikely for at least two years), choosing an APaaS is a lock-in decision. (Google is attempting to offer an APaaS — its App Engine — using Java. Its ability to support business application requirements in the cloud are yet to be proved.)

Enterprise IT departments are typically well-invested in managing their IT infrastructure, and are not looking for a relief from that area of their responsibility. Still, they will likely find the productivity and low startup and system management costs of an APaaS attractive. Note that IT users should be careful evaluating the long-term total cost of ownership of APaaS, because its subscription costs tend to gradually increase.

The frequently raised objection to SaaS is the unwillingness of enterprises to enable third parties to manage their business data. Indeed, today, not enough proof exists to ensure the market of full safety from intrusion for this data. However, users should see new technologies and processes to ensure dependable protection of data integrity in SaaS applications as only a matter of time; moreover, in some cases, professional management of data will prove more secure than the custom processes developed by enterprises in-house.

Business Impact: APaaS is a part of a fundamental and discontinuous change in the application platform market. It is part of a larger SaaS and cloud-computing phenomenon, all amounting to one core change — the transition from IT solutions that are conceived, deployed and managed under the control of an enterprise IT department to IT solutions that are applied and composed by the enterprise, but executed and managed by expert third-party providers. It is a step toward greater industrialization of IT, to predictable, dependable, professionally managed, plentiful and agile information resources. Most IT organizations are or will in the next five years become partly dependent on SaaS-style software, and some of them will begin developing their own custom applications on APaaS as well. This will lead to a change in IT jobs, organizations and budget allocations.

For platform vendors, the change is the new buyer landscape (dominated by ISVs). For application vendors, the change is the relief from multiplatform and multiversion support burdens, but, additionally, dependence on new technologies and possibly new platform vendors. Software giants will compete to establish the next programming standard emerging in the APaaS space, and to defend their on-premises strengths from new SaaS-based challengers. Users will depend more than ever on their ability to perform application integration across platforms, architectures and languages.

Benefit Rating: Transformational

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Apprenda; Archer Technologies; Bungee Labs; ForeSoft; Google; LongJump; Qrimp; salesforce.com

Recommended Reading: "Application Infrastructure for Cloud Computing: An Emerging Market"

"Reference Architecture for Multitenancy: Enterprise Computing 'in the Cloud'"

"LongJump Reality Check: Product vs. Service in the Early Cloud Age"

"Key Issues for Cloud-Enabled Application Infrastructure, 2009"

"Magic Quadrant for Enterprise Application Servers, 2Q08"

"Introducing SaaS-Enabled Application Platforms: Features, Roles and Futures"

Analysis By: Gene Phifer

Definition: Cloud computing will see a varied adoption pattern in the enterprise. Enterprises already use some software-as-a-service (SaaS) offerings like those from salesforce.com, but these are frequently implemented on an ad hoc, departmental basis, without the consent or knowledge of the IT department. Other enterprises are using infrastructure-oriented cloud services like storage as a service and application platforms as a service (APaaSs). Essentially, every infrastructure component and business application running in your IT department is or soon will be available as a cloud offering. But adoption of cloud-based services has been spotty in the past. This trend will change in the future as the vendors and the offerings mature, and as cloud computing success stories start to proliferate.

However, some things must be addressed before enterprises will feel safe in using cloud computing services:

• Security: Are my business transactions and users safe?
• Data: Is my data safe? Is it recoverable within an acceptable time frame? Is it portable? Is it located in a region that I'm comfortable with?
• Reliability: Will the service be available when I need it? Are the service-level agreements (SLAs) acceptable, and are they being met?
• Cost: Are the promised cost savings being realized?
• Integration: How will I integrate my on-premises services with cloud-based services? How will I integrate multiple cloud-based services with each other?
• End-to-end process control: How will I control my business process when a mix of on-premises and cloud-based services is involved?
• Vendor: Is the vendor going to survive the eventual industry consolidation? Is the vendor trustworthy? Is there a possibility of vendor lock-in?
• Culture: Can IT adjust to not owning the computing resources and people necessary to provide services to their customers?

In the current state of cloud computing, many of these questions don't have adequate answers. In this scenario, only Type A enterprises, those willing to take on risk, will be willing to play in the cloud. However, the cloud computing providers are rapidly addressing these issues; therefore, cloud computing will soon pose an acceptable risk for Type B enterprises.

This technology profile focuses primarily on the enterprise adoption of cloud computing services from the public cloud. It does not focus on the adoption of private cloud by enterprises, as this is on a different trajectory.

Position and Adoption Speed Justification: At this time, Type A enterprises are the predominant users of cloud computing, because the risk/reward equation for various cloud services is unacceptable for many Type Bs and all Type Cs. As the technologies and vendors of cloud computing mature, broader sets of enterprises will take the plunge. However, in spite of the significant hype, there is still much to learn about cloud computing, and further hype will ensue.

Adoption of the cloud will accelerate in 2010, with small businesses and enterprises in developing nations taking great advantage of cloud-based services. Large enterprises will adopt the cloud at different paces, depending on their risk profiles, but even Type B enterprises will start to take significant advantage of the cloud starting in 2011 and 2012.

User Advice: Examine cloud computing offerings as new IT solutions are addressed in your organization, or as a replacement for existing services that are cost-prohibitive to maintain or onerous to deliver. Match the maturity of cloud computing offerings against the enterprise's risk profile, and move forward as appropriate. Experiment now with cloud computing, even if the solutions are perceived to be too risky to use in production scenarios.

Business Impact: Cloud computing can have significant business impact on an enterprise, including reduced total cost of ownership (TCO), accelerated time to market, and reduced requirements for real estate, heating, ventilation and air-conditioning (HVAC), and support personnel.

Benefit Rating: Transformational

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon; Google; IBM; Microsoft; Oracle; salesforce.com; SAP

Recommended Reading: "Key Issue for Cloud Computing, 2009"

"Top Five Cloud Computing Inhibitors"

Analysis By: Donald Feinberg

Definition: Database management systems (DBMSs) in the cloud consist of any DBMS available on a cloud infrastructure. There are three distinct variations of DBMSs in the cloud:

• DBMSs engineered as part of a cloud offering where the DBMS is engineered to be available only as a cloud offering (Microsoft's SQL Services are examples of this).
• DBMSs, available on other platforms, such as MySQL, Oracle and Vertica, that can be installed on cloud system infrastructure; for example, Amazon EC2.
• The cloud offerings of file systems that have some DBMS functionality, such as Cloudera, BigTable and SimpleDB. Although included, these are not full DBMS implementations with multi-user transaction persistence (for example, locking) and other DBMS functionality.

Position and Adoption Speed Justification: Although some of the DBMS implementations in the cloud are mature, widely available DBMS engines, there are issues related to cloud system infrastructure such as security, location, reliability and colocation. These issues cause a slower adoption rate for cloud-based implementations. As cloud hosting matures during the next two to five years, showing scalability, security and reliability, there will be an increase in the use of this platform for the hosting of databases for production applications. In addition to the maturing of the cloud, many of the traditional DBMSs will release a cloud-specific version taking advantage of the features of the cloud, such as elasticity and colocation of resources.

Several new entrants only available as cloud-based databases, such as BigTable and SimpleDB, are missing some major functions and features, such as multi-user transaction control and persistence. Some cloud implementations are available with restricted functionality from its enterprise DBMS edition (for example, Microsoft's SQL Services implementation in the cloud, available later in 2009). The rate of adoption of cloud-based DBMSs will depend on the increasing maturity and acceptance of cloud system infrastructure in general, and the maturing of the new entrants. Most usage to date has been for test and development systems and, for several DBMS vendors, for rapid deployment of proof-of-concept (POC) trials.

User Advice: Use of cloud infrastructure to host a DBMS should be restricted to development and test systems, and additionally for single-user systems or those requiring file storage in the cloud with one writer and multiple readers. There are still many issues with security, reliability and with the cloud file systems, there are issues with concurrent user control. Limited use for hosting Web-specific content is also a possibility. Exercise care for systems with high amounts of data transfer as most cloud infrastructure vendors charge for movement of data in and out of the cloud. The other data transfer issue is latency, as the time to transfer large amounts of data to the cloud (for example, to support a data warehouse in the cloud) can be time-constrained. For these reasons, usage for development systems, with minimal data transfer, can be beneficial — moving the systems in-house after development. Finally, elasticity of resources, a major advantage of cloud infrastructure, may not be automatic with most of the traditional DBMS implementations in the cloud. Expect to monitor growth and manually increase or decrease necessary resources when using traditional DBMSs.

Business Impact: Initially, cloud DBMSs will have an impact for vendors desiring a less expensive platform for development, and vendors needing a temporary platform (for example, for POCs). As cloud infrastructure with DBMSs gains maturity, especially in scalability, reliability and security, cloud implementations used for short-term projects, small departmental applications and rapid development platforms will show marked cost reductions compared with implementations within the IT department. The speed of setup will be a primary driver to rapid deployment of systems without the requirements and planning necessary for IT projects within the IT department. This will also reduce the necessity of IT to be able to respond to short notice and short duration projects, reducing overall costs in IT.

As cloud DBMS matures during the next two to five years, it will be possible for an organization to host the entire DBMS infrastructure, with potentially far-reaching reductions in the cost of servers, storage, DBMS licenses, maintenance and support, storage management and database administration.

Benefit Rating: High

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Amazon.com; Aster Data Systems; Google; Greenplum; IBM; Microsoft; Oracle; Sun Microsystems; Vertica

Recommended Reading: "Application Infrastructure for Cloud Computing: An Emerging Market"

"Global-Class Persistence for Cloud-Based Web Applications"

Analysis By: Thomas Bittman

Definition: The term "private cloud computing" describes a style of computing used by a modern internal IT provider to behave like an external, cloud-computing service provider. Private cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as services to "internal" customers using Internet technologies.

Private cloud computing is the answer for larger enterprises interested in improving their economies of scale and efficiency, improving their flexibility and elasticity, and lowering their barrier to entry to IT customers, without necessarily relying on "public" cloud-computing services (because the services are not yet available, mature or secure, for example).

The difference between public cloud-computing services and private cloud-computing services is a combination of service access and service ownership/control. Public cloud-computing services and private cloud-computing services are two extremes representing open service access and complete third-party control (public cloud-computing services), as well as extremely limited access and complete internal control (private cloud-computing services).

Many elements are required to make private cloud-computing work, including virtualization technologies (in servers, storage, networking, etc.), automation technologies and self-service technologies, as well as the standards/application programming interfaces for those technologies. The need for these technologies is not fundamentally new (virtualization has been taking place for years, while automation of operational processes has been around much longer); however, real-world examples of cloud-computing providers are putting a new focus on these technologies, increasing vendor attention and changing enterprise strategic plans. For example, many organizations start with a virtualization project. The next step would be to automate how those virtualized resources are allocated, and then put a self-service front-end on the virtualized resources. Each of these steps require some technology invention and deployment, changes in operational process and management techniques, and cultural changes.

Private cloud computing is, therefore, a trend that depends on many different technologies.

Position and Adoption Speed Justification: The cloud-computing trend has just recently spawned the interest in private cloud computing within the past year or two. Although some of the technologies required for private cloud computing exist, many do not, or are very immature. There are a limited number of examples of private cloud-computing services today. Most of them are custom architectures, but there are a few packaged solutions for limited services (such as a development-and-test private cloud service). Dozens of vendors have announced private cloud-computing strategies just in the past few months. In some cases, they have taken existing technologies and slapped the "private cloud" label on them. In others, they are redirecting their product strategies in new ways, due to cloud computing and private cloud computing. The reality of private cloud computing will be determined during the next few years of technology rollouts and adoption.

User Advice: Private cloud computing is a style of computing. Be cautious about vendors promising to build you a private cloud architecture. Instead of starting with the architecture, start with the service. What services would benefit from a cloud-computing style of architecture and deployment? Are those services already available in a sufficient form from third-party suppliers? Is there a sufficient return on investment to build your own private cloud-computing service? Can you build a private cloud service so that several services can leverage the same architecture? What are your eventual plans for migration to a public cloud service, and can you make that migration easier by building a private cloud service today? Is there a way to migrate to public cloud-computing services in a stepwise manner — slowly ramping down your service while ramping up your use of an external service?

Business Impact: Like cloud computing, private cloud computing is about improving efficiency (through economies of scale), but perhaps more importantly it is about improving service delivery (by offering a service-oriented interface to customers that is backed by automation). Low barrier to entry, rapid deployment to meet needs, and rapid scaling up and down are the hallmarks of cloud computing. Unlike cloud computing, however, private clouds will ensure that enterprise assets and data are maintained internally. The cost for doing this is continued capital spending and less efficiency than can be obtained by a massive cloud-computing service provider. Finally, private cloud-computing requires that an enterprise transform how IT is consumed. The shift to services (rather than implementation and assets), pay-per-use and chargeback and treating IT services as business services all require transformation that enables the business to make better business decisions, and become better consumers of external cloud-computing services in the future.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: BMC Software; Cisco; HP; IBM; Oracle; VMware

Recommended Reading: "Private Cloud Computing: The Steppingstone to the Cloud"

"Five Refining Attributes of Public and Private Cloud Computing"

"The Spectrum of Public-to-Private Cloud Computing"

Analysis By: Ben Pring; Claudio Da Rold

Definition: Business process utilities (BPUs) are externally provisioned process management services based on highly standardized processes and unified one-to-many technology platforms. The service provider manages direct business process inputs (often automated) as well as business processes. The service provider or the service recipient can execute the outputs. Contracts typically feature per-transaction fees with monthly minimums. Individual service recipients fund their customization/configuration or integration with other processes or applications.

Position and Adoption Speed Justification: BPU mirrors the trends in the software as a service (SaaS) marketplace, although it is not as advanced and as developed as SaaS. BPU could be seen as "business process outsourcing as a service" or "business process outsourcing on demand." We also now refer to "cloud business services" to reflect the increasing prevalence of cloud computing and cloud services. The difference between SaaS and BPU is that with BPU, the client is receiving not only an application (as a service), but a managed process, too (that is, BPU provider utilizes its own human staff to execute elements of the process that cannot yet be automated). The difference between "traditional" business process outsourcing (BPO) and BPU is that BPU providers design, own and deliver the process and the platform, and the process is, therefore, highly shared and standardized across the client base.

There are two types of BPU; one originates from "pure play" providers — such as PayPal — that came into existence in the Internet age; the other originates from older, larger providers — such as ADP — that predate the Internet but that always delivered muticlient solutions based on shared technology and that now infuse their offerings with Internet-based technologies. "Pure play" BPU is a still small subset — no more than 8% — of the overall BPO market. The inclusion of more-traditional providers morphing into cloud-based provision expands the size of this approach considerably; as an example, 25% of the existing outsourced payroll market is already a BPU or cloud-business service.

Interest in BPU is growing, and the current explosion of interest in all things "cloud" is partly responsible. Gartner believes that the BPU proportion of the overall BPO market will represent over 20% by 2013.

Vendors operate in a broad set of differentiated niche segments, and some niches are more mature and more advanced than others; some notable examples of BPU include Accenture's Navitaire revenue management service in the airline sector, the Xansa SBS joint venture with U.K. NHS, or Power Advocate, a Boston, Massachusetts-based provider that operates in the energy sector, providing procurement-related services.

The idea of BPU is more in vogue, because, even though in many ways it is a "return to the future," BPU is regarded as an alternative to more-traditional approaches whose limitations and problems are more widely understood. On the supplier side, BPU addresses the fact that some BPO suppliers struggle to generate material cost reductions (because of the above scenario) or healthy/appropriate profit margins (which, in turn, can potentially undermine service quality). On the customer side BPO customers frequently comment to Gartner on the lack of flexibility, and fewer cost benefits and innovation than expected. Not surprisingly, more and more enterprises are unhappy with this dysfunctional situation. Entrepreneurs within traditional BPO companies, and in new ventures that have spotted the challenges and lack of sustainability of the above, are busy using new technologies, such as service-oriented architecture (SOA), SaaS, and Ajax as examples to develop newer, more-cost-effective solutions, recognizing the commercial opportunity that exists for a new breed of applications and process-based solutions. BPU engages these problems from the good enough, high-automation and configurability, lower total cost of ownership, and limited or no investment "service on demand" approach. The push toward cloud-computing-based, IT-intensive services will provide the broad prospective audience, the computing platform sharing and the scalability needed to deliver the next version of online business process services.

User Advice: Enterprises should examine the emergence of BPU in a discrete context and also as it relates to the overall development of BPO, how they have used BPO, and how they wish to use BPO in the future.

The starting point for this analysis is to conduct a thorough process portfolio analysis to identify mission-critical processes — that typically will be retained — and those non-mission-critical ones that can be candidates from outsourcing.

In addition, currently outsourced processes should be examined for their suitability for a BPU approach, if available; in this case, clients should evaluate the offered functions and the gap with existing or required functions, as well as risk and rewards, such as lower cost and better flexibility than other options. Enterprises already leveraging outsourcing should understand their vendors’ plans to utilize these same concepts and place pressure on them if their pace of adaptation is unacceptable.

In the medium term and longer term, enterprises should craft change processes that will take enterprises from their current steady state to the potential improvements embodied in the idea of BPU. As processes “decompose” and become increasingly “virtualized,” only those organizations that have thought through what this new world will look like will be in a position to quickly take advantage of these new paradigms. Sourcing "business processes from the cloud" while promising lower-cost solutions, offered in ways that facilitate greater technology-oriented interoperability, will bring new and different challenges. Most notably, the need to "orchestrate" services being delivered by multiple BPU providers will need significant attention.

Business Impact: The potential benefits of agility, speed to market (based on a best-practice, prebuilt service) and pay-per-use pricing are important drivers in the uptake of BPU contracts. Businesses will increasingly try to determine whether competitive differentiation is required in the form of high customization in BPO contracts. The success of BPU delivery hinges on buyers eschewing their traditional demands for customized solutions that do not deliver competitive differentiation. Nevertheless, our evaluation of the effects of BPUs is still cautious (of moderate benefit), because few BPU ventures have been successful or delivered commercial services with enough scale.

The potential benefits of a BPU approach are particularly evident for processes that are executed in a similar way by multiple organizations (our samples were taken from local government, small and midsize banks, and healthcare providers), for horizontal processes (such as HR and procurement), or when a core, but nondifferentiated, process must evolve for business or regulatory reasons, and multiple organizations are willing to share the cost of evolution.

More business processes will become BPU candidates, such as loan origination in banking or securities clearing and settlement. Some of these transaction-based processes will begin commoditizing to such an extent that only large-volume organizations will be able to justify the cost of custom processes. Expect a rising number of IT-intensive business services to be developed and offered as BPUs by nontraditional IT services players, especially in association to new business and service models developed on cloud computing.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Emerging

Sample Vendors: 170 Systems; ACS; ADP; Authorize.net; Chi-X; Equiduct; Exigen; Navitaire; PayPal; Rearden Commerce; the BOAT Consortium; Turqoise; Xansa

Recommended Reading: "Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services"

"Emerging Technology Analysis; Business Process Utility, Business Process Outsourcing Hype Cycle, 2008"

"Predicts 2009: Consolidation, 'Cloud,' and Clarity of Innovation for Business Process Services"

"Business Process Utility: The Next Wave in Business Process Outsourcing"

"Determine the Applicability of BPU Contracts When Outsourcing"

"BPU Faces Perception Hurdles in the Outsourcing Market"

"Xansa Delivers Business Process Outsourcing for Finance and Accounting, Payroll, and Procurement for England's National Health Service"

"A Business Process Utility May Help the Recording Industry Deal With the Digital Revolution"

"ACS Transforms N.J. Turnpike Authority's E-ZPass Toll System"

Analysis By: David Cearley

Definition: For the near future, virtually all companies using public cloud-computing services will also have some form of internal IT systems. However, hybrid cloud computing does not refer to using internal systems and external cloud-based services in a disconnected or loosely connected fashion. Hybrid cloud computing refers to the combination of external public cloud-computing services and internal resources (either a private cloud or traditional infrastructure, operations and applications) in a coordinated fashion to assemble a particular solution. Hybrid cloud computing implies significant integration or coordination between the internal and external environments at the data, process, management or security layers.

Hybrid cloud computing can take a number of forms. These approaches can be used individually or in combination to support a hybrid cloud-computing approach:

• Joint security and management — Security and/or management processes and tools are applied to the creation and operation of both internal systems and external cloud services.
• Cloudbursting — Dynamically extending an application or a portion thereof from an internal private cloud platform to an external public cloud service based on the need for additional resources.
• Cloud service composition — Creating a solution with a portion running on internal systems, and another portion delivered from the external cloud environment in which there is ongoing data exchanges and process coordination between the internal and external environments. Mashups are a form of integrated solutions where public cloud-based services are combined with internal application components into a composite application using Web application programming interfaces (APIs) and data success mechanisms (such as Really Simple Syndication [RSS] feeds).
• Dynamic cloud execution — The most ambitious form of hybrid cloud computing combines joint security and management, cloudbursting and cloud service compositions. In this model, a solution is defined as a series of services that can run in whole or in part on an internal private cloud platform or a number of external cloud platforms, and in which the actual execution (internal, external) is dynamically determined based on changing technical (e.g., performance), financial (e.g., cost of internal vs. external resources) and business (e.g., regulatory requirements) conditions.

Position and Adoption Speed Justification: Most companies will use some form of hybrid cloud computing. Early adopters are already using mashups and joint security and management approaches. Some are building simple integrated solutions and experimenting with cloudbursting. More-sophisticated, integrated solutions and dynamic execution are of interest, but beyond the current state of the art.

User Advice: When using public cloud-computing services, establish security, management and governance models to coordinate the use of these external services with internal applications and services. Where public cloud application services or custom applications running on public cloud infrastructures are used, establish guidelines and standards for how these elements will combine with internal systems to form a hybrid environment. Approach sophisticated integrated solutions, cloudbursting and dynamic execution cautiously, because these are the least mature and most problematic hybrid approaches. Whenever using public cloud-computing services, establish security, management and governance models to coordinate their use with internal applications and services. To encourage experimentation and cost savings, and to prevent inappropriately risky implementations, create guidelines/policies on the appropriate use of the different hybrid cloud models.

Business Impact: Hybrid cloud computing leads the way toward a unified cloud-computing model in which there is a single "cloud" that is made up of multiple cloud platforms (internal or external) that can be used, as needed, based on changing business requirements. This ideal approach would offer the best possible economic model and maximum agility. It also sets the stage for new ways for enterprises to work with suppliers and partners (B2B) and customers (B2C) as these constituencies also move toward a hybrid cloud-computing model. In the meantime, less-ambitious hybrid cloud approaches still allow for cost optimization, flexible application deployment options, and a coordinated use of internal and external resources.

Benefit Rating: Transformational

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Enomaly; Zimory

Analysis By: Eric Knipp

Definition: Cloud application development (AD) tools are used to create custom software applications deployed on an application platform as a service (APaaS), a software-as-a-service (SaaS)/cloud-enabled application platform (SEAP), or a cloud system infrastructure. These applications can range from simple, situational business process management (BPM) to complex, mission-critical, line-of-business systems. The distinguishing features of these tools include awareness of, integration with, and control of the target cloud runtime environment where the finished application executes. Cloud AD tools can be categorized along two axes: target audience and runtime environment.

Situational applications targeted for APaaSs or SEAPs may be authored by non-IT staff, requiring a programming environment that is amenable to use by nonprofessional programmers. For example, platforms like Force.com, WaveMaker Cloud Edition, RollBase, Qrimp, dbFlex, and Bungee Labs provide fourth-generation language (4GL)-style features in a "what you see is what you get" (WYSIWYG) graphical editing interface. To further simplify development of situational applications by end users, each of these programming environments is delivered as a SaaS-style offering, preventing the need for installation and maintenance of a traditional local integrated development environment (IDE).

Mission-critical, line-of-business applications generally require more customization than is possible using simple WYSIWYG tools. Advanced customization is supported by the most flexible APaaS and SEAP platforms, which may use a proprietary or standard programming language, coupled with rich proprietary application programming interfaces (APIs) or libraries. For example, Google App Engine (GAE) enables developers to write code in a reduced version of Java using a plug-in for the popular Eclipse IDE, but provides no graphical user interface for development. Force.com also offers a downloadable plug-in for Eclipse, which enables both WYSIWYG editing and customization using the proprietary Apex language.

Applications that will be deployed on top of cloud system infrastructures, such as Amazon Elastic Compute Cloud (Amazon EC2) or Rackspace Cloud, require a different approach than those targeted at APaaSs or SEAPs. A cloud system infrastructure enables a high degree of architectural flexibility, but necessitates more-customized approaches to development that require professional programmers to implement successfully. Popular tools for working in this environment include Aptana and its Cloud Connect feature, or the more limited Amazon Web Services (AWS) plug-in for Eclipse.

Position and Adoption Speed Justification: The growth in interest in cloud AD tooling directly tracks the growth in adoption of APaaS, SEAP, and cloud system infrastructure offerings as hosting platforms for custom software applications. New types of cloud AD tools are a requirement for working with an APaaS or a SEAP product. Development of applications targeting cloud infrastructures as a deployment medium is possible using traditional AD tools; however, these tools fail to deliver seamless awareness, integration, and control of the cloud. Some cloud infrastructure vendors are offering enhancements, usually delivered as plug-ins, to popular development tools, and nearly all tool vendors are including some form of cloud-enablement in their product road maps.

User Advice: AD tools used for creating cloud applications — especially for those targeting an APaaS or a SEAP platform — must reflect the reality that applications designed for the cloud are different from their traditional on-premises counterparts. The spectrum of available cloud AD tools is composed of a wide range of capabilities and varying degrees of user-friendliness. When evaluating the capabilities of a cloud platform, include the toolset used for that platform as part of your evaluation, and do not assume that existing AD tools will be sufficient to build applications for this new medium. For example, nonprofessional developers working outside of the IT department will be better served by a visual development environment (such as Qrimp, Sitemasher, or Rollbase), but they will only be able to build somewhat limited applications, as compared with professional programmers who need advanced tooling (such as Eclipse with an AWS or a GAE plug-in) to construct advanced applications. Finally, recognize that cloud AD tooling is, at present, totally proprietary to the cloud system infrastructure, APaaS, or SEAP offering chosen as the deployment medium; once you have invested in custom applications in the cloud, there's no clean migration path to another vendor's offering.

Business Impact: The best cloud AD tools will be transformational in nature, but they depend on the maturation of APaaSs, SEAPs, and cloud system infrastructures themselves; the most powerful cloud AD approaches are likely several years off. This next generation of cloud AD tooling will enable business users to create custom software applications that once required the assistance of professional programmers to realize. Professional programmers will still be critical for more-complicated applications, but they will be able to deliver them faster and less expensively, and without the need for expensive infrastructure.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: Eclipse Foundation; Google; Microsoft; Qrimp; Rollbase; salesforce.com; SiteMasher

Recommended Reading: "Application Infrastructure for Cloud Computing: An Emerging Market"

"Reference Architecture for Multitenancy: Enterprise Computing "in the Cloud"

"Introducing SaaS-Enabled Application Platforms: Features, Roles, and Futures"

Analysis By: Tom Austin; Matthew Cain

Definition: Cloud-based enterprise application services consisting of multi-tenant e-mail and related applications (typically group calendaring, distribution list management and administrative utilities).

Position and Adoption Speed Justification: We expect cloud-based e-mail services to enter a high growth phase in 2010 and account for a full 20% of enterprise e-mail seats in 2012.

User Advice: Enterprises should evaluate the current cost of provisioning e-mail (and related) services to users and the degree to which retaining that capability internally is part of the enterprise's unique value proposition in the market. Particularly for firms with 5,000 or fewer mailboxes, the cost economics of cloud-based e-mail can be quite compelling. However, before migrating from an internally provisioned e-mail service to a cloud-based service, ensure that you thoroughly understand all the services provided by your internal capability, including backup and restore, archiving, content controls, hygiene services (virus scanning and anti-spam), content monitoring and filtering as well as support for e-discovery and activity investigations, PDAs and other wireless devices. Determine which of these services will be needed and ascertain that your target cloud-based provider meets real requirements beyond "simple e-mail." Track Gartner research on best practices to minimize internal provisioning costs and, where appropriate, pilot cloud-based e-mail services in 2009 with an eye toward migration, particularly for enterprises with fewer than 10,000 mailboxes, in 2010 or later.

Business Impact: Free up internal capital, technical talent and management resources for more mission-critical applications. Cut operating costs and, in many cases, improve quality of service. There are security, privacy, regulatory and other issues that can have a negative impact if not properly managed.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Cisco; Google; IBM; Microsoft

Recommended Reading: "Case Study: Avago Embraces Gmail for 3,800 Global Users"

"Vendor Focus: Google's GAPE Is Improving but Still Not Ready for High Growth"

"The Impact of SaaS on E-Mail Applications"

Analysis By: Michele Cantara; Daryl Plummer

Definition: A cloud-enabled business process management (BPM) platform is a technology platform that uses BPM technologies to construct and optimize process-centric solutions in a software-as-a-service (SaaS) or cloud service delivery model. Business process modeling and automation environments, BPM pure-play software, and business process management suites (BPMSs) are the most common BPM technologies for BPM as a service. Cloud-enabled BPM platforms encompass the application infrastructure, application, information and process capabilities necessary to support BPM solutions across the process life cycle. A cloud-enabled BPM platform may be used directly by end users, or it may be embedded in vendors' SaaS and cloud service offerings to consumers.

Position and Adoption Speed Justification: Business process modeling is an example of a BPM activity that can be enabled through a BPM platform for cloud computing. This is becoming more popular as organizations seek a lower-cost mechanism to get business process modeling into the hands of a broad number of process stakeholders. Lombardi's Blueprint, which is used by more than 4,000 individuals, is one example of a business process modeling and milestone management tool available as a service. While this tool is not a BPM platform, it leverages platform capabilities. As Lombardi Teamworks is delivered as a cloud-enabled BPM platform, Blueprint will benefit.

A BPMS may also be an example of a BPM platform delivered as a service. While on-premises use of BPMS is still the norm, some companies are opting for a BPMS platform as service delivery model, due to perceived cost savings and in situations where an organization's own IT department does not have the bandwidth to support the BPMS technology.

BPMS pilot projects are another scenario to be enabled through cloud-enabled BPM platforms. Instead of paying upfront capital to purchase a BPMS for a BPM pilot, companies are supporting the pilot with a BPMS platform delivered as a service, rather than an on-premises solution. Once the pilot project has shown promising results, it's easier for the executive sponsor in the end-user organization to make a business case for the on-premises solution. Reducing costs by standardizing business processes has become a popular trend, and companies are using cloud-enabled BPMS products in internal shared-service data centers to support these standardized business services. Often, these implementations are styled as "private cloud services," and the BPMS functionality enables the enterprise to balance lower-cost standardization, while still providing business units or geographies with the ability to configure business processes to their unique needs.

There are also a number of non-BPMS offerings that qualify as cloud-enabled BPM platforms. These include RunMyProcess, which is a BPM platform for modeling and integrating end-to-end business processes involving popular SaaS applications. The Itensil platform helps knowledge workers improve unstructured processes.

The most-prevalent use of BPM capabilities in the cloud is when they are embedded in SaaS or cloud services consumed by end users. Consumers think they are purchasing specific application capabilities. For example, an organization may purchase call center agent coaching from a SaaS provider. The call center agent, which is the consumer of the service, uses coaching and talent management capabilities to develop upselling or cross-selling skills. However, the call center supervisor may want to tailor the coaching process and will make use of cloud-enabled BPM platform capabilities to alter the common functionality originally provided. Many organizations may not even realize they are using BPM platform capabilities in their SaaS and cloud services. Appian Anywhere, a BPMS-as-a-service offering is predominantly used by application vendors that are looking to BPM-enable their applications and offer it via SaaS. Examples of SaaS or cloud service providers that rely on cloud-enabled BPM platform capabilities to make their processes more agile include 170 Systems; Adeptra; Anacomp; CrimsonLogic; DST Systems; Enkata; First Data International; ISCorp; L@W; SunGard; Sword Ciboodle; and Target Group.

User Advice:

• Seek out business process modeling capabilities that are available via SaaS or the cloud. This approach is a cost-effective way of getting a broad number of business stakeholders involved in submitting innovative process ideas and collaborating on "to be" process scenarios.
• Take advantage of BPMS products that are available via platform-as-a-service offerings for your BPM pilot projects. This approach can give you some quick wins that can help build a business case for an on-premises solution or more widespread use of the BPM-platform-as-a-service approach.
• Evaluate BPM "in the cloud" alternatives for your internal shared-service initiatives.
• Evaluate the cloud-enabled BPM platform capabilities of the SaaS and cloud service offerings you plan to purchase. Do not expect infinite degrees of process agility from your service provider. Service providers that use a BPMS as part of their offering will have predefined the range of changes to process flows, rules and user interfaces that can be made in the context of SaaS/cloud pricing and delivery. Ensure that the range of change and frequency of change options are clearly outlined in your service agreement.
• Process-centric solutions offered via SaaS that use BPM technologies will give you a greater degree of flexibility to tailor the solution's user interface, business rules, dashboards, process flows and other artifacts to fit your needs.
• Include provisions in your sourcing contract for exporting models and artifacts in the process repository in the event you want to switch to another provider or bring the solution in-house. These provisions may result in higher costs, but are likely to be better than rebuilding the solution from scratch.
• Ask your service provider whether it is using a BPMS, and find out how "portable" the models and definitions are. In addition, find out who owns the process artifacts you extend with BPM technologies — you or the service provider. In cases where the service provider plans to own the extended process artifacts, limit your usage to nondifferentiating business processes.

Business Impact: Using BPM technologies delivered "as a service" makes BPM accessible to midmarket enterprises that can't afford or lack the bandwidth to support on-premises BPM platforms, as well as Type A organizations committed to moving as much application infrastructure as possible into the cloud to avoid the capital expense of deploying it on-premises. As a result, more organizations can use these tools to improve business processes by making them visible to all process stakeholders.

BPM technologies delivered as a service are largely vendor-driven at present. End-user companies are not accustomed to expecting a lot of process flexibility from SaaS/cloud providers. The SaaS/cloud business model discourages customization to drive scale and contain costs. When service providers use BPM technologies for mass-customization capabilities, they do so primarily to leverage their application infrastructure and improve margins. Most are not yet passing on cost savings to clients, and most lack sufficient governance expertise to enable end-user companies to directly make changes to processes, rules and user interfaces.

During the next 18 months, end-user companies will need to pressure service providers to enable them to alter the process directly. If this is not possible, minimally, client companies should expect the service provider to make sufficient modeling capabilities available so that the process is visible to client business analysts.

The end result will be that processes, rules and user interfaces supporting business processes can be altered in hours or days, rather than weeks, and the client and service provider share a common view of the business process. Most importantly, the business processes supported by process-centric services are no longer unchangeable "black box" processes. These business processes are now fully visible and can be included as part of an end-to-end process in continuous process improvement initiatives.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Appian; Cordys; Fujitsu; IBM; Intalio; Itensil; Lintra; Lombardi Software; Metastorm; Pegasystems; RunMyProcess; Savvion; Serena Software; Singularity; SunGard; Vitria

Recommended Reading: "Managing Business Processes 'In the Cloud' and Outside the Cloud"

"Cool Vendors in the High-Performance Workplace, 2009"

"Cool Vendors in Business Process Management, 2008"

"Findings: Confusion Remains Regarding BPM Terminology"

"Predicts 2009: Use BPM to Confront Business Challenges and Complex Business Relationships"

"Application Infrastructure for Cloud Computing: An Emerging Market"

"Lombardi Makes BPM More Consumable"

"Software as a Service: Component Development Challenges"

"Two Factors That Help Identify the BPMS 'Sweet Spot'"

"Selection Criteria Details for Business Process Management Suites, 2009"

"Magic Quadrant for Business Process Management Suites"

Analysis By: Jay Heiser; Arabella Hallawell; David Cearley

Definition: Today's cloud computing services are relatively nontransparent, making it extremely difficult for potential customers to assess the relative security and compliance risks. Best practices for the risk assessment and security control of cloud offerings have yet to be established or require nascent third-party security controls, leaving most organizations ignoring security requirements, avoiding cloud computing entirely or experimenting with unproven techniques.

Position and Adoption Speed Justification: Many security solutions that are commonly used within the enterprise, such as encryption and data loss prevention, are usually not available within an externally provisioned service. Organizations that are using such security solutions may not be able to achieve the same type or level of protection using a cloud-based service.

It is an inherently ambiguous exercise to determine the relative security posture of a cloud-based service (that is, the likelihood of an attack and the service's ability to resist that attack). Today's cloud vendors are not providing adequate information to enable corporate buyers and security specialists to determine if their services are adequately secure for the storage and processing of highly sensitive or regulated data. Third-party certification programs, such as Statement on Auditing Standards (SAS) 70, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001, SysTrust and others, remain underused and poorly understood by both offerers and buyers. No standardized certification is intended to evaluate technology, nor can it address granular security and privacy details to the extent that most companies require. Specifically, no certification addresses the encryption or DLP controls that might be used to protect data, the extent to which application and Web interfaces are designed and tested from a security perspective, and the technical mechanisms used to protect the service from administrator misuse or Internet threats (cloud services are prime targets for targeted attacks, such as phishing and social engineering attacks).

Although cloud computing services intended for the U.S. healthcare market typically do commit to Health Insurance Portability and Accountability Act support, most cloud providers are challenged to meet specific regulatory requirements, such as data breach laws, which may require implementation of encryption and prompt notification of any breaches, and few, if any, can help meet Payment Card Industry security standards.

Notification and processes for legal discovery, law enforcement investigation or data breaches must be carved out contractually, and, ultimately, there may be nothing that can be done to prevent government access. Many cloud providers cannot restrict data to a specific geography, making compliance with regional laws a challenge. Providers that have global data center coverage and are able to restrict data to a specific region will have an advantage. Over time, we expect more providers to accommodate regulatory requirements and provide more security transparency and controls, either directly or via third parties, as it becomes clear that this provides a competitive advantage.

Concerns about security and regulatory compliance will impede broad and deep adoption of cloud-based services until certification programs become widely applicable and accepted, providers become more transparent and are able to offer geographic granularity as to where data is stored, and buyers become more proficient and realistic when conducting risk assessment and contract formulation. However, many companies will decide to proceed, despite security concerns. Security, privacy and procurement groups should develop policies as to which types of data or processes are not appropriate for cloud computing until certain security or compliance thresholds are met, and which security controls and processes may be needed as compensating controls. Security/risk groups should also identify datasets and processes where the level of security available with cloud computing today is adequate, and actively work to adopt new tools and technologies over time that enhance the security of cloud-based applications and services.

User Advice: Highly regulated or sensitive proprietary information should not be stored or processed in an external public cloud-based service without appropriate visibility into the provider's technology and processes and/or the use of encryption and other security mechanisms to ensure the appropriate level of information protection. Do not ignore the very real security concerns related to cloud computing, and do not presume that these concerns make cloud computing inappropriate for all enterprise use. Develop a pragmatic and balanced strategy for the safe use of cloud services by your organization, and support it with policies that provide firm guidance on both appropriate and undesirable use cases and processes to enable security professionals to carefully analyze business and legal security requirements. These include adopting new security services, such as those that route users on laptops and mobile devices through the company or a provider network before accessing cloud resources (including secure Web gateway offerings from ScanSafe, Zcaler and Purewire) and authentication/access management solutions that ensure that only the requisite applications or people can access cloud services and vice versa (secure Web gateways, and products from Symplified and Ping Identity are candidate services).

Security- and privacy-related capabilities should be a criterion when evaluating providers, so ask for details on technology, security models and operating procedures. Ask what security products they use and how they implement encryption, DLP and application security. Negotiate security and privacy clauses beyond the standard master service agreement terms of service for data breach notification and responsibility, including service-level agreements, and ongoing access to the results of vulnerability assessments and SAS 70 Type 2s. Also, ask for details on data center coverage and whether you can restrict data to a specific geography. Some cloud-based service providers are providing greater visibility into their security procedures "on an exception basis," usually for larger customers, providing information under nondisclosure agreement, beyond that which is provided on their websites. Over time, we expect this information will be provided in a more standardized fashion as a part of defined premium service levels.

Business Impact: Organizations that avoid taking advantage of new forms of externally provisioned service will pay an opportunity cost by failing to take advantage of products that will be effectively used by their competitors. However, organizations that use cloud computing without adequately understanding the risks will suffer from security, compliance or continuity failures. A well-planned strategy will enable companies to maximize the benefit, while ensuring that they are not undertaking unacceptably high levels of risk.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: Symplified; Zscaler

Recommended Reading: "Teleworking in the Cloud: Security Risks and Remedies"

"Location Matters: A Model for Assessing Information Risk"

"Gartner Survey Highlights Company Burden of Vetting Third-Party Security Controls"

"Gartner's 30 Leading Locations for Offshore Services"

"Assessing the Security Risks of Products and Services"

"Optimal Security Approaches for the Secure Use of Consumer IT"

"Assessing Risks Using Gartner Risk Assessment Methodology"

"Assessing the Security Risks of Cloud Computing"

"IT Operational Considerations for Cloud Computing"

"How to Manage Risk in Alternative Delivery Models"

"Critical Security Questions to Ask a SaaS Provider"

"Assessing Outsourcing and Third-Party Security Risks"

Analysis By: Donna Taylor

Definition: Cloud storage is part of the storage utility. Although a software as a service (SaaS) offering has some storage associated with it, it is considered a storage utility, since the storage would not be available for any other application. For the purposes of this Hype Cycle, we focus on the enterprise, rather than the consumer community. We specifically look at cloud storage from service providers, such as Amazon, Nirvanix, Vaultscape, and Iron Mountain. A key component of cloud computing and storage is the quality and availability of service and support. This is especially true in an environment in which the storage of data occurs off-site. It includes monitoring, maintaining, and resolving issues that support the storage infrastructure in the cloud.

Position and Adoption Speed Justification: Cloud storage currently has several iterations available on the market. Its evolution is being driven primarily by market demand for low-cost storage alternatives. We expect this segment to hit the peak in about five years when several more implementations and announcements will be made by those entering the market, as well as by those offering revised versions of existing storage offerings. Full-scale adoption is not likely to occur earlier than that due to as-yet unanswered security issues, which could lead to potential legal exposure. Unpredictable monthly costs due to usage variability and the current lack of sufficiently differentiated storage services will also affect the absorption rate of the market.

User Advice: Investigate cloud storage as a low-cost option for certain applications, such as archiving and backup. However, users should be aware of latency and security issues related to the implementation of cloud storage. Take appropriate measures to ensure that the type of data stored in the cloud can withstand latency issues and that security protocols are in place to protect it. Considerable investments in time and money will often be required in order to integrate cloud storage options into current applications and environments.

Business Impact: The business impact can be significant. Customers will play an important role in shaping what is offered and how much it will cost. Cloud storage services, such as backup, versioning, and secure erasure, will offer customers options in satisfying their storage needs, while addressing their security concerns. A variety of different pricing models will allow end users to align their storage costs with their usage rates, with the goal of lowering costs in the short and long term.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: Amazon.com; Iron Mountain; Nirvanix; Vaultscape

Recommended Reading: "The Storage Utility: From Outsourcing to the Cloud"

Analysis By: Daryl Plummer

Definition: In the service provider view, cloud service elasticity is the ability to increase or decrease the amount of system capacity (for example, CPU, storage, memory and input/output [I/O] bandwidth) that is available to a given cloud service on demand in an automated fashion. The degree of automation of elasticity is determined by the service provider. Manual means of adding capacity are generally discouraged, but are more commonplace in 2009.

The consumer view of this does not require the terminology of elasticity to be used. Consumers simply want the appropriate resources available to them while they are working. For cloud service consumers, the difference between traditional scalability and elasticity is the "scale down" aspect — the consumer of elastic services does not pay for a fixed portion of overall capacity. The consumer pays for only what is used, up to the limits that were previously agreed on with the provider. Payment, price or cost must also be metered and billed in a way that matches the elasticity of the service.

Position and Adoption Speed Justification: Elasticity is one of the more hyped aspects of cloud computing. It is rising rapidly toward the Peak of Inflated Expectations. There is little understanding of what elasticity truly is in the market, and even less of how it can be achieved consistently. However, elasticity techniques and products have existed for some time, and the only need to grow to maturity is the application of these technologies and techniques in a more automated fashion. As the elasticity is automated, the ability to take advantage of shared pools of resources grows.

User Advice:

• Companies seeking to use cloud computing should include elasticity as a critical element of capacity planning and cloud services pricing.
• Use elasticity to reduce the amount of overall capacity you plan to use.
• Supplement your capacity using elastic cloud services.
• Use elasticity in any formula for optimizing cloud-computing costs.

Business Impact: Elasticity is an inherent trait of shared pools of resources, and it refers to tailoring system capacity on demand to its use. The ability to add capacity and release it is necessary for the economics of cloud computing's usage-based models to work. Without this capability, it becomes difficult to enable two key parts of the model:

• 1Pay for only what you use: Consumers of cloud services must be aligned with the amount of capacity that they use. A service provider that wishes to deliver a certain quality of service can throttle a system up or down by using scaling policies and elasticity engines liberally.
• 2Economies of scale through sharing: In an environment where capacity is large or underused, it is possible to share that capacity among unrelated users with the goal of reducing costs for all through sharing. When one segment of capacity is left unused, it can be allocated to any user requiring space. Doing this on a fixed capacity model, or a model in which capacity is always increased, does not allow a service provider to respond as effectively to market conditions or bad economic conditions.

To be sure, no amount of elasticity can prevent a service provider from going out of business. The fact that service providers charge for usage requires them to ensure that they can still make a profit — even if demand/usage is down for long periods of time. As a result, we expect service providers to charge extra for elasticity features, thus enabling them to recoup some of their fixed costs in down periods. Elasticity benefits the consumers and, therefore, is worth any incremental price they may pay. However, the use of an elastic approach provides more flexible options for determining how much capacity should be purchased, as well as when and how that capacity will be allocated from hour to hour. Finally, because the largest cloud-computing providers are able to realize massive economies of scale, the cost to offer a marginal increase in capacity through an elastic pricing model is negligible when compared with the provider’s overall fixed costs. For this reason, providers are likely to encourage high consumption of compute resources by offering low marginal prices.

Benefit Rating: High

Market Penetration: 20% to 50% of target audience

Maturity: Adolescent

Sample Vendors: Amazon; Enomaly; salesforce.com; VMware

Analysis By: David Gootzit

Definition: A portal-as-a-service offering is a horizontal enterprise portal delivered via software as a service (SaaS) to multiple client enterprises from the same, multitenant architecture.

Position and Adoption Speed Justification: During the dot-com boom, hosted portals were closely associated with the first wave of application service providers, and many disappeared during the dot-com bust. Many enterprises have found hosted portals costly and inflexible. Efforts to deliver SaaS in areas such as CRM have renewed the interest in an alternative delivery model for horizontal portal functionality, although several obstacles exist to this delivery mechanism in the portal arena. Security concerns over identity management contribute to end-user reluctance to exploit this option for portal consumption. Securely integrating with enterprise applications and content repositories is another technically challenging area for a SaaS enterprise portal. Although vertical SaaS portals are important in a few vertical industries, including healthcare and automotive, consumption of horizontal portal functionality through a SaaS model is immature. However, enterprise interest in a horizontal portal-as-a-service offering is increasing.

User Advice: Vendors seeking to provide a portal-as-a-service offering that meets the full range of horizontal portal functional needs will face significant technical challenges in areas such as federated identity management, and integration with enterprise applications and content repositories. Microsoft's SharePoint Online Standard represents a true portal as a service, but, in its current state, it offers a limited subset of the functionality available with an on-premises deployment of Office SharePoint Server 2007. Many enterprises are interested in Google's potential in this space. While Google's recent Secure Data Connector announcement supports this direction, Google hasn't yet targeted this space. It needs to fill several gaps to effectively provide a horizontal portal as a service.

Small businesses should investigate SaaS portals today. Large enterprises should adopt a more-cautious attitude, unless a SaaS enterprise portal provider emerges that demonstrates that it has addressed the relevant identity management, reliability and integration challenges. In the short term, integrating cloud services into on-premises portals will be most enterprises' focus. Many organizations with on-premises portals also rely on functions that external SaaS provides in areas such as HR and travel. These are "islands of SaaS" that could become more seamlessly integrated into the portal, by sharing navigation, branding and portlets.

Business Impact: Portal-as-a-service offerings will provide cost savings for small and midsize businesses, as well as for large enterprises. However, large enterprises are not yet using true portals as a service.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Covisint; Microsoft

Recommended Reading: "Portals in the Cloud Will Take Five Forms"

Analysis By: David Mitchell Smith; Gene Phifer

Definition: Cloud/Web platforms use Web technologies to provide programmatic access to functionality on the Web, including capabilities enabled not only by technology but also by community and business aspects. This includes, but is not limited to, storage and computing power. We use the terms "Web platform" and "cloud platform" interchangeably, and sometimes use the term "Web/cloud platforms." They have ecosystems similar to traditional platforms, but Web platforms are emerging as a result of market and technology changes collectively known as "Web 2.0." These platforms will serve as broad, general-purpose platforms, but, more specifically, they will support business flexibility and speed requirements by exploiting new and enhanced forms of application development and delivery. Web platforms reuse many of the capabilities and technologies that have been accessible in websites for more than a decade through browsers by adding programmatic access to the underlying global-class capabilities. Recently, reuse has come through Web services, and is being delivered via Web-oriented architecture (WOA) interfaces, such as representational state transfer (REST), plain old XML (POX) and Really Simple Syndication (RSS). In addition to the capabilities of Web 2.0, these platforms provide programmatic access to cloud-computing capabilities.

Position and Adoption Speed Justification: This is happening in consumer markets. In addition, the concepts are apparent in enterprises' use of service-oriented business applications. Some enterprise use of Web-based capabilities, such as Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2), is beginning as well.

User Advice: Web platforms and related phenomena will affect consumer markets first, but enterprises should evaluate the growing space as an appropriate extension to internal computing capabilities. Use of Web platforms will drive WOA, which enterprises should adopt where appropriate, along with simple interfaces, such as REST, POX and RSS (wherever possible), to exploit the interoperability, reach and real-time agility of the Internet.

Business Impact: Web platforms can be leveraged as part of business solutions, and will form much of the basis for the next generation of interest in the virtual enterprise. Web platforms can decrease barriers to entry, and can deliver substantial value for small and midsize businesses that could not afford to build and maintain capabilities and infrastructures. Examples include Amazon Web Services (including S3 and EC2), salesforce.com's Force.com, Google's App Engine and Microsoft Azure Services Platform.

Benefit Rating: Transformational

Market Penetration: 1% to 5% of target audience

Maturity: Early mainstream

Sample Vendors: Amazon; Google; Microsoft; salesforce.com

Recommended Reading: "Web Platforms Are Coming to an Enterprise Near You"

Analysis By: Lydia Leong

Definition: Compute infrastructure services offer on-demand computing capacity from a service provider. Rather than buying servers and running them within its own data center, a business simply obtains the necessary infrastructure from a service provider in a shared, scalable, "elastic" way and accesses it via the public Internet or a private network.

Position and Adoption Speed Justification: Four main use cases currently exist for "cloud" compute infrastructure services: Web hosting, scientific and high-performance computing, test and development infrastructure, and general production infrastructure. The most rapidly-maturing use case is Web hosting, as it is convergent with the general Web hosting market; features and capabilities formerly available only on dedicated hardware are now being extended to shared cloud resources. The use of these services for test and development infrastructure is growing, although this primarily represents pilot projects, rather than formal lab environments. As the test and development-specific features and management tools improve, formal development environments will become more commonplace. Adoption of cloud resources for batch-oriented compute-intensive workloads may be temporarily hindered by industry-specific requirements, such as GxP compliance for pharmaceutical research. Before cloud compute for general workloads can achieve mainstream adoption, security, risk and compliance issues must be addressed and costs driven down even further. Most of the companies that offer these services are based in the U. S. and although global demand is robust, adoption will be slowed by a lack of strong competition in other regions.

User Advice: In the near term, businesses can safely adopt cloud compute infrastructure services to host Internet-facing Web content and applications. The risks are not significantly greater than other outsourced hosting approaches. Businesses should also consider pilot projects for test, development and compute capacity augmentation, as successful pilot projects can be expanded into broader production use. This market is evolving extremely quickly, so the suitability of these services should be re-evaluated at least once every six months. Notably, although cloud-based disaster recovery offerings are presently limited, there should be multiple such offerings by the end of 2010. Hybrid public-private cloud offerings, enabling "cloud bursting" for on-demand capacity, will also become available in 2010.

Business Impact: Cloud compute infrastructure services will be broadly advantageous to IT organizations. The cost benefits, driven primarily by automation, are particularly significant for small and midsize businesses and larger enterprises will benefit, primarily through flexibility, rather than direct cost reduction. In the near term, the benefits are driven primarily through rapid provisioning that requires minimal manual intervention and over the longer term, more system management tasks will be automated, leading to more efficient infrastructure management. The metered-by-use attribute of these services will result in more efficient use of capacity. The self-service nature of these services will empower employees outside of IT operations, improving developer productivity, as well as making it easier for business buyers to obtain infrastructure.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon; Rackspace; ServePath

Analysis By: Kelly Kavanagh; Greg Young

Definition: "In the cloud" security services are Internet-fabric-based managed firewalls, intrusion detection systems, intrusion prevention systems, antivirus services, distributed denial-of-service protection services, messaging security and Web gateway security services.

Position and Adoption Speed Justification: Providers must deliver on customer expectations for the effectiveness, scalability and cost savings of performing security filtering in the cloud or as a service. The small or midsize business is an appealing initial market for these delivery models at lower price points. The introduction of in-the-cloud and as-a-service offerings has the potential to change the landscape for vendors by tilting the advantage toward bandwidth and security-as-a-service providers, and by giving buyers an additional option in build/buy decisions.

User Advice: Consider availability, customization and switching requirements, in addition to functional requirements, for security controls. Look at leveraging security-as-a-service providers, and bandwidth and remote connectivity service providers for opportunities to consolidate premises-based equipment into cloud-based delivery options, especially for remote-office or branch-office situations that would otherwise require on-site deployment and hardware maintenance.

Business Impact: In the cloud and security as a service have the potential for cost savings and for fast deployment, as compared with equivalent-capacity, premises-based equipment.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: AT&T; MessageLabs; Perimeter Internetworking; Prolexic Technologies; Purewire; Qualys; Savvis; ScanSafe; Verizon Business; Webroot; Websense; WhiteHat Security; Zscaler

Recommended Reading: "'In the Cloud' Security Services Will Change Providers' Landscape"

Analysis By: David Mitchell Smith

Definition: Gartner defines "cloud computing" as a style of computing where scalable and elastic IT-enabled capabilities are delivered as a service to external customers using Internet technologies.

Position and Adoption Speed Justification: Users are changing their buying behaviors. Although it is unlikely that they will completely abandon on-premises models, or that they will soon buy complex, mission-critical processes as services through the cloud, there will be a movement toward consuming services in a more cost-effective way. As expected of something at the Peak of Inflated Expectations, there is deafening hype around cloud computing. Every IT vendor has a cloud strategy, although many aren't cloud-centric. Variations, such as private cloud computing and hybrid approaches, compound the hype and demonstrate that one dot on a Hype Cycle cannot adequately represent all that is cloud computing.

User Advice: Vendor organizations must clarify their cloud strategies in the next 12 months, while user organizations must demand road maps for the cloud from their vendors today. Users need to map their view of the cloud to that of any potential providers, and focus more on specifics than on general cloud ideas.

Business Impact: The cloud computing model is changing the way the IT industry looks at user and vendor relationships. As service provisions (a critical aspect of cloud computing) grow, vendors must become, or partner with, service providers to deliver technologies indirectly to users. User organizations will watch portfolios of owned technologies decline as service portfolios grow. The key activity will be to determine which cloud services will be viable, and when.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Amazon.com; Google; Microsoft; salesforce.com

Recommended Reading: "Key Issues for Cloud Computing, 2009"

"The What, Why and When of Cloud Computing"

Analysis By: Daryl Plummer

Definition: Gartner's definition of cloud computing essentially describes public cloud computing as a style of computing where scalable and elastic IT-enabled capabilities are provided "as a service" to external customers using Internet technologies. Therefore, public cloud computing is the use of cloud-computing technologies to support customers that are external to the organization of the provider. It is through public consumption of cloud services that the types of economies of scale and the sharing of resources will be generated to reduce cost and to increase choices available to consumers.

Public cloud computing carries with it the concerns that security, data management, trust, control and guarantees of appropriate performance will not be sufficient to support enterprises' needs. Enterprises want the value delivered through cloud-computing services, but also need to ensure that the concept is ready for delivering services that a company can rely on over time. However, public cloud computing has proved itself time and again in the context of the Internet and the Web from what is commonly referred to as a "consumer perspective." Sites such as Flickr and Facebook, and countless business sites delivering services from entertainment to healthcare records, have been in use for some time in the public context.

Position and Adoption Speed Justification: The public cloud is moving up the Hype Cycle and rising toward the Peak of Inflated Expectations. As enterprises awaken to the concept, they begin to experiment with it before investing. In addition, cloud providers are advertising their ability to deliver enterprise services and reduce cost. Customers should still be cautious about the claims of most providers, because their models are still unproved for enterprise use.

User Advice: User companies should be in experimentation mode with cloud computing in 2009. 2010 will be a year for investment, and high growth of cloud computing will exist from 2010 through 2012.

Business Impact: The business impact of cloud computing in the public sense can be varied, but the basic opportunity is for businesses to consume services from other companies that will allow them to cease providing those services themselves. This can lead to companies eliminating work that previously might have been done in-house. It can also lead to massive changes in the way money is spent (for example, using operating expenses to fund external services, rather than using capital expenses to fund IT projects).

Benefit Rating: Transformational

Market Penetration: More than 50% of target audience

Maturity: Early mainstream

Analysis By: Donna Scott

Definition: Real-time infrastructure (RTI) represents a shared IT infrastructure (across customers, business units or applications) in which business policies and service-level agreements drive dynamic and automatic allocation and optimization of IT resources (that is, services are elastic), so that service levels are predictable and consistent, despite the unpredictable demand for IT services. Where resources are constrained, business policies determine how resources are allocated to meet business goals. RTI may be implemented in private and public cloud architectures, and where it is implemented is what provides the elasticity functionality.

Position and Adoption Speed Justification: This technology is immature from the standpoint of architecting and automating an entire data center and its IT services for RTI. However, point solutions have emerged that optimize specific applications or specific environments, such as dynamically optimizing virtual servers (through the use of performance management metrics and virtual server motion technologies) and dynamically optimizing Java Platform, Enterprise Edition (Java EE)-based shared application environments. Moreover, enterprises are implementing shared disaster recovery data centers, whereby they dynamically reconfigure test/development environments to look like the production environment for disaster recovery testing and disaster strikes. This type of architecture can typically achieve recovery-time objectives in the range of one to two hours after a disaster is declared.

User Advice: Surveys of Gartner clients indicate that the majority of IT organizations view RTI architectures as desirable for gaining agility, reducing costs and attaining higher IT service quality. Overall progress is slow for internal deployments of RTI architectures because of many impediments, especially the lack of IT management process and technology maturity levels, but also because of organizational and cultural issues. It is also slow for public cloud services, where applications may have to be written to a specific and proprietary set of technologies to get dynamic elasticity. We see technology as a significant barrier to RTI, specifically in the areas of root-cause analysis (required to determine what optimization actions to take), service governors (the runtime execution engine behind RTI analysis and actions), and integrated IT process/tool architectures and standards. However, RTI has taken a step forward in particular focused areas, such as:

• Dynamic provisioning of development/testing/staging environments
• Server virtualization and dynamic workload movement
• Reconfiguring capacity during failure or disaster events
• Service-oriented architecture (SOA) and Java EE environments for dynamic scaling of application instances

Moreover, many IT organizations that have been maturing their IT management processes and using run book automation technology to integrate processes (and tools) together to enable complex, automated actions are moving closer to RTI through these actions. IT organizations desiring RTI should focus on maturing their management processes using Information Technology Infrastructure Library (ITIL) and maturity models (such as Gartner's I&O Maturity Model [IOMM]), and their technology architectures (such as through standardization, consolidation and virtualization). They should also build a culture that's conducive to sharing the infrastructure. Organizations should investigate and consider implementing early RTI solutions in the public or private cloud, which can add business value and solve a particular pain point, but should not embark on data-center-wide RTI initiatives.

Business Impact: RTI has three value propositions expressed as business goals:

• Reduced costs, achieved by better, more-efficient resource use, and by reduced IT operations management (labor) costs
• Improved service levels, achieved by dynamic tuning of IT services
• Increased agility, achieved by rapid provisioning of new services or resources, and scaling of established services

Benefit Rating: Transformational

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: CA; DataSynapse; IBM Tivoli; Novell; Scalent; Univa UD; VMware

Recommended Reading: "2008 Data Center Polling Shows Server Virtualization Spurs RTI"

"Cloud Services Elasticity Is About Capacity, Not Just Load"

"Five Refining Attributes of Public and Private Cloud Computing"

Analysis By: Claudio Da Rold; Frank Ridder

Definition: An IT infrastructure utility (IU) is a shared IT infrastructure architecture provided through on-demand services. Pricing is based on service use and proven, ongoing reductions in the fixed baseline (or subscription fees) and unit costs. The IU is open, flexible, predesigned and standardized, as well as virtualized, highly automated, secure and reliable.

Position and Adoption Speed Justification: The industrialization of the IT services industry continues within a range of alternative delivery models. Cloud computing is driving increased innovation, investment and hype at different service layers, including infrastructure services. Most service providers have already incorporated IU solutions into their portfolios. If not, they often deliver infrastructure services, such as utility, in a usage-based model. Most of these providers are positioning IU and cloud computing as two sequential or parallel steps toward industrialized, off-premises services.

Seven attributes define an IU, creating unique value for organizations of all sizes. IUs are outcome-focused, ready-to-use and charged on a usage basis. Enterprises can scale their IU use up or down. IUs are also highly virtualized and shared, automated, lean, and standardized.

The most basic IU style is utility hosting, which has evolved from traditional dedicated hosting. Providers added service elements, such as virtual servers and virtual storage, to traditional hosting to support flexible provisioning, which often still requires manual intervention to execute. Most vendors and traditional outsourcers have already added these virtualized utility services to their portfolios.

From a management content perspective, the most-developed IU offerings build on these basic IU services, adding elements designed to support a specific application landscape, such as ERP, e-mail and CRM. The client is still in full control of the customized applications, while the service provider controls and manages the operating platform. The provider tailors the architecture/performance/price of the service to the application requirements — for example, billing on a per-user or per SAP Application Performance Standard (SAPS) basis. IUs for specific applications include Capgemini's SAP Run, IBM Applications on Demand for SAP, HP Utility Sourcing Services for SAP, T-Systems Dynamic Services for SAP, and Logica SAP ODIS (see the Recommended Reading section).

Amazon.com (ECC and S3 offerings); smaller providers GoGrid, Joyent and Linode; and virtual data center hosting companies deliver IU services that leverage a cloud computing approach. Virtual data center hosting companies enable the implementation of complex virtual architectures in their hosting data centers. Traditional outsourcers and small startups, such as ThinkGrid, are also introducing virtualized desktop utility services in the market.

Most infrastructure service providers have delivered some financial flexibility to their clients — even in dedicated environments in the past. However, under the competitive pressure of virtualized and shared IU offerings, service providers must move ahead with real IT service industrialization to deliver standardized, virtualized and shared environments that also enable additional layers of automation.

From a maturity perspective, we map the advancement of IU against our Infrastructure Utility Maturity Model (IUMM). Leading IU providers are delivering at Level 3 (virtualized) of the IUMM and are progressively implementing Level 4, which is all about automation. A recent research series on IUs for SAP — where automation is in addition to a virtualized and standardized infrastructure — demonstrates that these IUs enable better quality of services, reduced cost and fast reactivity/flexibility. Client case studies also confirm that these services have a compelling value proposition compared with traditional in-house and outsourced approaches.

Although IUs for SAP are quite mature, and more than 400 clients leverage this solution from different service providers, more-complete IU architectures are emerging within leading IU providers. These architectures offer basic IU services (virtual server and virtual storage) that are modular. Providers can group and combine these services to support complex client requirements. At the application infrastructure layer, for example, providers offer an IU for SAP and a CRM IU. In the messaging and collaboration space, they add IU for Microsoft Exchange, Lotus Notes or Microsoft SharePoint. Providers offer these IU services with standard terms and conditions (T&Cs), different categories of standard service levels to choose from, and options to combine services with each other.

The contribution that IU solutions make to a client's ability to control and increase flexibility is the key factor accelerating these solutions in the market:

• Price: Providers can spread costs across multiple clients because of the high use of virtualization technologies, standardization, and their investment in technology and tools. Process standardization and the use of automation also help to reduce cost. There is limited costly customization, and pricing for IUs decreased by 5% to 10% from 2008 to 2009, which is a great efficiency gain.
• Flexibility: Companies that grow through acquisitions or shrink due to restructuring and other firms with dynamic resource needs can benefit significantly from an IU solution. Scaling the service up or down is easy, because providers offer usage flexibility of up to 50%, which helps reduce costs quickly (by reducing volume).

IUs are increasingly accepted on the market, and more organizations include them in their IT services value chain. Especially during tough economic times, organizations consider IUs as a fast way to achieve benefits. Almost half of client organizations use outsourced services in North America, 35% in Europe already use utility services, and more than 25% of these organizations plan to implement IUs within 24 months. This confirms that the IU has crossed the Trough of Disillusionment, and started the path toward maturity and broad adoption.

Traditional providers must continue to invest and industrialize their IT infrastructure service delivery, because new and disruptive approaches — especially those based on cloud computing — will progressively threaten the status quo of every insourced or outsourced solution. In the medium to long term, IUs will drive consolidation, and large providers will end up winning the market share battle, growing organically or by acquisition.

User Advice: IU is an emerging alternative delivery and acquisition model for infrastructure management services.

All clients should:

• Gain awareness and understanding of this emerging offering to leverage its value for their enterprises.
• Investigate critical areas, including pricing mechanisms and demand management, architectural specifications and limits, transition in and out, contract T&Cs, security, compliance, auditing, and risk management.
• Include IUs in the set of service options under evaluation as part of their sourcing strategy and enterprise architecture.
• Use the Gartner IUMM as a road map to follow the evolution of infrastructure toward the real-time infrastructure concept. This evolution will affect most organizations, regardless of their decision to transform and run their infrastructure internally (insourced delivery) or externally (outsourced delivery or IU).

Organizations delivering their IT infrastructure services in-house should:

• Regularly check how IU offerings are advancing in the market. Increasingly, these offerings will become the external benchmark for price, efficiency and flexibility. Examples include an SAP production managed platform (excluding SAP licenses) at $20 per user per month (PUPM) or a Microsoft Exchange IU service at $8 PUPM.

Organizations considering outsourcing deals or utility offerings should:

• Concentrate on pricing units and pricing schema — and on the related tools for service requests, metering, billing, and financial and service reporting — to understand the maturity of offerings. The degree of flexibility must align to client requirements and the maturity of the offerings.
• Request references from other clients using these offerings and pricing units, and exercise due diligence in actively checking those references.
• Ask the provider to carefully describe the processes, automation tools and service-level agreements underpinning service delivery quality and efficiency, because a focus on unit definition and pricing alone is insufficient to achieve the best value for money.
• Request that providers communicate their service/architecture road map to understand how their offerings evolve over time and to judge the potential for lock-in into their specific architecture.

Business Impact: IT IU can optimize the cost-efficiency and service effectiveness of the IT infrastructure; increase flexibility in response to business requirements; and deliver an open, predefined, automated platform for innovation. To benefit, clients must overcome significant cultural, financial and technical issues, such as standardization acceptance, independent software vendor pricing strategies, application portability, virtualization and policy-driven management on heterogeneous environments. The uncertain economy and the rise of cloud computing will accelerate the evolution toward industrialized IT services.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Amazon.com; Atos Origin; AT&T; BT Global Services; Capgemini; CSC; HCL Technologies; HP; IBM; Logica; Rackspace; Savvis; Siemens IT Solutions and Services; T-Systems; Terremark; Unisys

Recommended Reading: "Keiper: Adopting an Infrastructure Utility for Flexibility and Efficiency"

"Case Study: Areva Gains IT Flexibility Through an Infrastructure Utility"

"Oxea Shows How Infrastructure Utility Can Deliver Speed and Efficiency"

"Case Study: How IT Utilities Support Rio Tinto's IT Dynamics and Company Moves"

"Case Study: Nampac Adopts the IBM Infrastructure Utility for SAP Applications"

"Comparing Cloud Computing and Infrastructure Utility"

"IT Infrastructure Utility Services Reach 5% of Data Center Outsourcing Revenue"

"Infrastructure Utility in Practice: Offerings Description"

"Q&A on IT Services Industrialization"

"Dataquest Insight: A Service Provider Road Map to the Cloud Infrastructure Transformation"

Analysis By: Robert DeSisto

Definition: Software as a service (SaaS) is software that is owned, delivered and managed remotely by one or more providers. If the vendor requires user organizations to install software on-premises using their infrastructures, then the application isn't SaaS. SaaS delivery requires a vendor to provide remote, outsourced access to the application, as well as maintenance and upgrade services for it. The infrastructure and IT operations supporting the applications must also be outsourced to the vendor or another provider.

The provider delivers an application based on a single set of common code and data definitions, which are consumed in a one-to-many model by all contracted customers at any time. Customers may be able to extend the data model by using configuration tools supplied by the provider, but without altering the source code. This approach is in contrast with the traditional application hosting model, in which the provider supports multiple application codes and multiple application versions, or a customized data definition for each customer.

SaaS is purchased on a pay-for-use basis or as a subscription based on usage metrics. Purchasing is based on a subscription (for example, a per-user, per-month fee) or usage basis (for example, allocating a certain number of transactions for a fixed time period). A perpetual license purchase is not considered SaaS.

Position and Adoption Speed Justification: The purpose of the SaaS Hype Cycle positioning is to provide an aggregate view of the state of SaaS in the context of cloud computing. There are examples of SaaS, such as isolated tenancy, that would not be considered cloud computing. The SaaS positioning on the Hype Cycle reflects the maturity of SaaS in the context of leveraging the cloud-computing infrastructure. Because different software applications using SaaS would be placed on different spots on a Hype Cycle, the post-Trough of Disillusionment positioning reflects the fact that SaaS is proven in certain markets, but remains nascent in complex application markets, such as ERP.

User Advice: Companies with complex requirements should not assume they will significantly lower their total cost of ownership or reduce complexity by moving to SaaS. Companies with tight capital budgets, and those that are IT resource-constrained or want to get something simple deployed quickly should consider SaaS. Even if one or more of the three elements involved in considering SaaS are not met, a SaaS solution still may be best for a company. As with any product, however, a company should evaluate the functional capabilities of the SaaS offering to meet the company's specific requirements.

Business Impact: SaaS has the effect of lowering expenses for the first two years because it does not require an upfront capital investment. However, in outlying years, SaaS may become more expensive because the operating expense does not decrease. SaaS is also helpful to companies that do not have IT resources to deploy and maintain on-premises software. This is prevalent in small and midsize businesses, but is also applicable to large businesses that may have experienced downsizing in the IT department.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Concur; Microsoft; NetSuite; salesforce.com; SuccessFactors; Taleo

Recommended Reading: "Essential SaaS Overview and 2009 Guide to SaaS Research"

"Fact Checking: The Five Most-Common SaaS Assumptions"

"Predicts 2009: Software as a Service Gains Traction"

"Key Issues for Software as a Service, 2009"

Analysis By: Robert DeSisto

Definition: Although there are many components of a sales force automation (SFA) solution (such as proposal generation, sales configuration and pricing management), the primary focus of software-as-a-service (SaaS) SFA is opportunity management. This is the practice of systemizing how sales channels pursue sales opportunities in the context of preferred philosophies, methodologies and strategies. As opportunities enter the sales cycle in the form of leads, they are tracked and updated as they move through a defined sales process. Leads may be developed by an inside sales channel, then distributed to direct salespeople or selling partners to close. Pipeline management capabilities provide a view of sales opportunities by sales stage or potential close date. As required, salespeople can create and submit forecasts from their active opportunities. With visibility into opportunity data, sales management can inspect, coach and mentor sales representatives while analyzing the opportunity data at each level in the sales hierarchy to predict sales performance.

The underlying customer information layer of opportunity management is contact management. Contact management systems provide internal data — such as name, address, interactions and product/revenue values — for the accounts in a territory and the contacts in an account. Salespeople can create and share valuable account/contact intelligence, such as account strategies, corporate goals or strategic objectives, competitive presence, and decision-making authority and disposition. Customer information can be enhanced further by incorporating external or third-party data, as well as customer profiles derived from marketing or customer service (for example, customer value or churn risks).

Position and Adoption Speed Justification: In the past year, SaaS SFA has rapidly moved through the Hype Cycle, as Gartner estimates there are close to 1.7 million users leveraging it. All market segments, from small to large, have validated its use, and users have a much better expectation of the real benefits and costs associated with SaaS SFA. IT departments are more engaged in purchasing decisions, and are getting more involved in vendor evaluations, placing higher scrutiny on the on-demand provider's data center operations, upgrade practices and service-level agreements.

A couple of gating issues remain to moving through the Plateau of Productivity, such as better support of disconnected laptops and a better understanding of the true total cost of ownership (TCO) during the three-to-five-year horizon. Also, Gartner has seen an increase in inbound inquiries questioning the cost benefits of SaaS.

User Advice: Sales organizations with complex requirements (such as significant process automation outside of opportunity management and complex real-time integrations) should not assume that they will significantly lower their TCO simply by moving to SaaS. Companies with tight capital budgets, and those that are IT-resource-constrained or that want to get something simple deployed quickly should consider SaaS SFA. Even if one or more of the three elements involved in considering SaaS SFA are not met, a SaaS solution still may be best for a company. However, as with any product, sales organizations should evaluate the functional capabilities of the SaaS SFA offerings to meet the company's specific requirements.

Business Impact: The primary business effect of SaaS SFA involves the capabilities that manage accounts, contacts, opportunities and sales pipelines. Sales organizations gain greater visibility, sales process formalization, and help with bottom-up forecasting.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Early mainstream

Sample Vendors: CDC Software (Pivotal); Microsoft; NetSuite; Oracle; salesforce.com; Sage Software; SugarCRM; Zoho

Recommended Reading: "Essential SaaS Overview and 2009 Guide to SaaS Research"

"A Framework for Evaluating Sales Force Automation Application Functionality"

"Fact Checking: The Five Most-Common SaaS Assumptions"

Analysis By: Thomas Bittman

Definition: IT virtualization is the abstraction of IT resources in a way that masks the physical nature and boundaries of those resources from resource users. An IT resource can be a server, a client, storage, networks, applications, operating systems or a search engine. Essentially, any IT building block can potentially be abstracted from resource users.

Abstraction enables better flexibility in how different parts of an IT stack are delivered, thus enabling better efficiency (through consolidation or variable usage) and mobility (shifting which resources are used behind the abstraction interface), and even alternative sourcing (shifting the service provider behind the abstraction interface). A key to virtualization is being able to effectively describe what is required from the resource in a relatively independent and standardized manner, or having an interface that converts requests into a "portable" and abstracted form. In essence, cloud computing is all about abstracting service implementation away from the consumers of the services by using service-based interfaces (in other words, the interface for cloud-computing services is all about virtualization — an abstraction interface). But to a provider, virtualization creates the flexibility to deliver resources to meet service needs in a very flexible, elastic, rapidly changing manner. The tools that make that happen could be virtual machines, virtual LANs (VLANs), or grid/parallel programming.

Position and Adoption Speed Justification: Virtualization is not simply one technology, rather it is many technologies that are all evolving at different rates. Virtual machines for servers, for example, were introduced on the mainframe more than 30 years ago. However, virtual machines for x86 architecture servers were first introduced in 2001, and, today, are used for less than 20% of all x86 architecture workloads. x86 architecture server virtualization is being rapidly adopted, however, and is expected to be used by more than half of all workloads by 2012. Storage virtualization is relatively mature within storage vendor offerings, originally in homogeneous forms only, but with a growing number of heterogeneous offerings. Networking is extremely mature in terms of virtualization. There are many different forms of virtualization, and the challenge is in choosing which form of virtualization to use. For example, server virtualization tools tend to dictate how storage and networking will be virtualized. Abstracting a resource usually means commoditizing it, so vendors will not promote an abstraction technology that hides their differentiation, and thus will promote their own virtualization technologies. There are many technologies and many competing solutions, and not all of the technologies are mature as of yet.

User Advice: The virtualization trend has caused huge turmoil with vendors, threatening commoditization status, and removing the vendor's ability to differentiate and influence buyers. Vendors are focusing on competing for ownership of the virtualization layers, and the management/automation tools that work with those virtualization layers. Be cautious about vendors that promote one technology to virtualize everything. Different technologies will be appropriate for different situations. Be cautious about vendors that promote one technology to manage everything. In the end, architectures will include many different virtualization layers, with many different management mechanisms. Effective tools will work with those different management mechanisms, rather than replace them. Virtualization is about much more than simply technology architecture. Virtualization causes cultural and political change. Virtualization projects, therefore, need strong executive support to drive those changes. Finally, virtualization requires processes and management tools to fundamentally change. Processes need to account for speed, agility and granularity — all of which are very different in virtualized environments. At the highest level, management tools need to shift from managing vertical, tightly integrated silos, into managing horizontal resource pools to meet service needs. Virtualization projects that don't have effective management strategies will fail.

Business Impact: Virtualization makes it easier for IT to deliver faster, to have a lower barrier to entry and to deliver only exactly what is needed — no more and no less. This puts more pressure on the user to use IT efficiently, and to make good business decisions about the use of IT. As an IT catalyst, virtualization can help a business adjust to changing market trends much faster than before, transforming the business and its use of IT. However, a lubricant used badly can also cause a business to "slip and fall."

Virtualization forces enterprises to deal with IT like any other business unit — not simply a cost center, but as an investment. Businesses will need to adjust to leverage the speed and granularity that virtualization provides (for example, virtual machines can be deployed roughly 30 times faster than physical servers). That includes making good decisions about how many resources to ask for, and taking advantage of speed to deploy IT-based solutions much faster to meet the business's needs. Part of an effective virtualization deployment requires shifting to usage-based costing and chargeback to treat this more-fluid IT resource as any other business.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Cisco; Citrix; EMC; HP; IBM; Microsoft; NetApp; VMware

Recommended Reading: "Virtualization Changes Virtually Everything"

Analysis By: Andrew Frank

Definition: Cloud advertising is a business process cloud service defined as the capability to deliver advertising where the content and the fee charged is determined at the time of end-user access, usually by an auction mechanism that matches bidders with “spots” as they become available. Search engine marketing (SEM) and various forms of online display advertising (e.g., banners) are the most-developed formats, but the concept is also evolving to other channels and platforms such as online video, mobile devices, addressable television, and out-of-home digital signage.

Position and Adoption Speed Justification: Cloud advertising has been developing steadily over the past decade, although its classification as such is new. The trigger for this technology was arguably the emergence in 1998 of goto.com, a spin-off from Idealab that offered advertisers a platform on which they could bid to appear at the top of search results pages for specific searches. Goto.com was subsequently renamed Overture and acquired by Yahoo. Google launched AdWords in 2000 and later settled a patent dispute with Yahoo over search advertising in 2004. As the dynamic auction model proved successful, it moved beyond search to other formats and channels, although search continues to command the largest share of cloud advertising.

Cloud advertising is forecast to be the largest contributor to the growth of cloud services revenue over the next five years and, as such, is a large and slow-moving trend. Although somewhat mature in the online category, its growth in other digital media is still to come and is currently the focus of major investments all along the advertising, media and communications value chain.

The designation of this category of business-process-as-a-cloud service acknowledges the significance of its revenue contribution to the development of cloud infrastructure and applications.

User Advice: Marketers should hire or partner with specialists to realign advertising practices around cloud-based processes.

Marketers especially need to develop integrated enterprisewide platforms and approaches to measure and optimize marketing activities across channels based on capabilities presented by cloud advertising services.

Business Impact: Cloud advertising will have a high impact on the economics and accountability of advertising and marketing in general. Marketing is often characterized as largely unaccountable spending, particularly when a recession brings cost-cutting pressures to bear. Cloud-based marketing data and exchanges that support highly targeted delivery of rich messages and interactive response will create new opportunities to reduce risk and improve the efficiency and effectiveness of advertising, tying activities more closely to sales and thus making them less vulnerable to cuts.

Benefit Rating: Transformational

Market Penetration: More than 50% of target audience

Maturity: Early mainstream

Sample Vendors: AOL (Platform-A); Baidu; Google; Microsoft; Yahoo

Recommended Reading: "Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services"

"Making Digital Advertising Work for Media Companies"

"Targeted Advertising and the Privacy Predicament"

Analysis By: Carl Claunch; Andrew Butler

Definition: Grid computing refers to using computers managed by more than one organization, whether internal or external, to collectively accomplish large tasks, such as derivative risk analysis, candidate drug screening or complex simulations.

Position and Adoption Speed Justification: Grid computing is an extension of cluster computing, and its use is well under way in financial services and pharmaceutical firms that have made substantial progress in applications, algorithms and new research processes. Electronics, mechanical engineering and insurance companies are among those industries that are increasingly using grid computing. Many emerging cloud service providers will use grid concepts, but these uses will lag behind the initial adopters. University and national laboratory use of grid computing is more common than in the private sector.

User Advice: Grid computing potentially could be used in two ways: It can help lower costs or increase the efficiency of a fixed amount of work. More importantly, however, it can offer business or mission-attainment advantage by accomplishing what was not feasible when using more-traditional approaches. Often, this means increasing the accuracy of a model, producing results in a short time, looking for earlier interactions, reducing the time it takes to search libraries of compounds that are drug candidates, or sometimes enabling a new business model.

When advantages can be gained from scaling up processing, add grid computing to the list of potential implementation approaches. When the objectives are mainly to reduce costs or improve efficiency, consider other more-mature alternatives with fewer issues to overcome.

Business Impact: Investment analysis, drug discovery, design simulation and verification, actuarial modeling, subsystem clash detection and extreme business intelligence tasks are areas where grid computing may enable business advantages.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Appistry; DataSynapse; Digipede; HP; IBM; Platform Computing; Sun Microsystems; Univa UD

Analysis By: Benoit Lheureux; Paolo Malinverno

Definition: There is a market for business-to-business (B2B) integration capabilities that are hosted in a multitenant environment and delivered as a service, rather than as software. Traditionally known as electronic data interchange (EDI) value-added networks (VANs), we now refer to these hosted offerings as integration as a service (IaaS), and we call the vendors that offer such services (usually in one role relative to other roles) integration service providers.

IaaS involves the combination of several categories of functionality:

• Communication services — Multiprotocol support with EDI, FTP, Applicability Statement 2 (AS2), RosettaNet and Web services; the ability to connect to cloud-computing application programming interfaces (APIs), such as those from salesforce.com or Google.
• Community management services — At one time, these consisted largely of online electronic transaction tracking and reporting tools; however, they now increasingly include collaboration tools to facilitate the collection of community member profile information, the provisioning of electronic connections and managing certificates for security.
• Integration and interoperability services — In-line translation and back-end system integration; online development tools for implementing services-based choreography and data translation; governance mechanisms to define and manage distributed service policies; and dashboards and reporting mechanisms for monitoring B2B connections, messages and transactions, etc.
• Optional application services — These include order visibility, data validation and compliance management. Such functionality is delivered as software as a service (SaaS) and ranges from lightweight ERP capabilities (such as order management for small suppliers), which is tightly integrated with an IaaS offering, to more full-featured forms of e-commerce SaaS (such as vendor management inventory), which are sold separately from (but often enabled by) IaaS.

In many cases, IaaS is only one component of a vendor's overall IT solution portfolio. Thus, rather than simply categorizing all such vendors as integration service providers, it is more accurate to say that many vendors offer IaaS in one role, while offering other IT products and services (such as SaaS) in another. To qualify as an IaaS provider, according to this definition, a vendor must market and support IaaS as a stand-alone offering, which is separate from its other IT products and services. Vendors that bundle hosted integration services into their overall IT portfolios may be offering IaaS and doing what they need to do to address their customers' B2B integration requirements, but Gartner does not consider them direct competitors in the IaaS market segment.

Position and Adoption Speed Justification: Many IaaS providers that were primarily supporting only EDI mailbox-based B2B projects have substantially expanded their services during the past five years, and new IaaS providers have entered the market. For example, in addition to their continued support for more-traditional approaches to B2B — such as EDI, FTP (still widely used), and async and bisync dial-up (which are still being used, but are in decline) — the more well-established providers of IaaS (such as GXS, Sterling Commerce and Inovis) now support modern B2B data formats and protocols, such as XML, AS2, Web services, RosettaNet and new forms of multienterprise collaboration, as well as near-real-time multienterprise process and compliance monitoring. Meanwhile, new IaaS providers (such as Boomi, Cast Iron and Pervasive Software) have entered the market, primarily targeting cloud-computing/SaaS integration scenarios.

There are two sectors in the B2B market. One is focused on traditional e-commerce, and the other involves cloud-computing/SaaS integration. They are highly segregated; however, we already see users implementing projects that blend these B2B project scenarios. For example, companies implementing CRM functionality on salesforce.com are increasingly integrating sales orders with on-premises order management applications and related e-commerce projects.

The widespread use of IaaS for traditional e-commerce projects has been pulling IaaS steadily up the slope toward the Plateau of Productivity, and the fast-growing adoption of IaaS for multienterprise SOA projects and cloud-computing/SaaS integration projects will help drive IaaS momentum up the slope and ultimately into the Plateau of Productivity during the next few years. IaaS is being offered by a wide range of providers, ranging from vendors that are primarily focused on traditional e-commerce projects (such as GXS) and those focused primarily on cloud-computing/SaaS integration projects (such as Boomi).

Although the Trough of Disillusionment is several years past, IaaS is traveling up the slope to the Plateau of Productivity slowly. Vendors continue to expand and refine their IaaS offerings to incorporate new capabilities, including more-programmatic APIs to access IaaS services and support automated provisioning. Vendors are also implementing Web-based IaaS development in support of IT end-user and independent software vendor (ISV) self-provisioning of IaaS functionality; adding better Web services and governance support to support multienterprise service-oriented architecture (SOA) projects; expanding operations, including multisite regional data centers to more effectively support international B2B projects; and improving community management tools to enable self-service IaaS and drive down costs for hubs managing large multienterprise communities.

User Advice: Companies that don't want to unilaterally manage their own B2B infrastructures should consider IaaS.

Multinational IaaS capabilities are maturing, but prospects should always verify whether a potential IaaS provider can meet their particular country-by-country requirements, including local-language support and in-country IaaS network points of presence.

When negotiating an agreement with providers, look for transparent and predictable pricing. Customers are increasingly signing deals with "bundled" B2B integration features, such as a tiered number of external business partners and volume, fixed-price in-line translation, and process visibility that associates relevant B2B documents (for example, purchase orders, advanced shipment notices and invoices for order to cash).

Refer to the "Gartner Magic Quadrant for Integration Service Providers" and "Who's Who in Cloud-Computing/SaaS Integration, Volume 1" to gain an understanding of the highly diversified IaaS vendor landscape.

Integration projects can be deceptively complex, and, by itself, IaaS doesn't always sufficiently address customer requirements. Determine whether your IaaS provider also offers such services as B2B project outsourcing.

Business Impact: IaaS has been widely deployed worldwide for more than a decade. In 2008, it generated more than $1 billion in IT revenue worldwide. This makes IaaS one of the most widely adopted and well-established forms of application infrastructure delivered as SaaS. Although many companies still implement B2B projects themselves, leveraging a combination of in-house integration middleware and B2B standards or Web APIs, companies of all sizes, in all industries and in most well-developed regions have the option to outsource their B2B infrastructures, rather than licensing and deploying some form of in-house B2B integration software.

Multienterprise projects are typically mission-critical, but the increased modernization, reliability and scale provided by most providers of IaaS mean that companies have a viable alternative to B2B software and in-house B2B infrastructure projects. Hence, from a sourcing point of view, they should treat B2B infrastructure investments like any other IT investment when choosing between implementing an in-house B2B infrastructure or relying on IaaS.

Even the simplest in-house, single-server B2B infrastructure project may require off-site hosting, high-availability server configurations, disaster-recovery capabilities, monitoring tools and a well-trained staff. Service providers with well-established, multitenant infrastructures can generally achieve economies of scale to deliver such capabilities. For common integration scenarios, they often provide some form of configurable or customizable prepackaged integration solutions. This means they have the opportunity to save companies 10% to 30% on the cost of implementing B2B infrastructure themselves, in-house, by leveraging their packaged integration, as well as fault-tolerant and disaster recovery capabilities across multiple B2B communities.

Benefit Rating: High

Market Penetration: More than 50% of target audience

Maturity: Mature mainstream

Sample Vendors: Advanced Data Exchange; Bluewolf; Boomi; BT Group; Cast Iron Systems; CrossGate; DIcentral; E2open; EasyLink Services International; Elemica; GXS; Hubspan; Informatica; Inovis; Liaison Technologies; Mincom; nuBridges; Perfect Commerce; Pervasive Software; Railinc; RedTail Solutions; Seeburger; SPS Commerce; Sterling Commerce; T-Systems; TietoEnator; True Commerce

Recommended Reading: "Taxonomy and Definitions for the Multienterprise/B2B Infrastructure Market"

"Forecast: Sizing the Cloud; Understanding the Opportunities in Cloud Services"

"Magic Quadrant for Integration Service Providers"

"Market Update for Integration Service Providers"

"SaaS Integration: How to Choose the Best Approach"

N/A