The theoretical promise of cloud computing (price, service, elasticity, etc.) is compelling. In the meantime, many enterprises will create private cloud services that have similar benefits, and enable a pragmatic path to cloud computing for services that aren't ready yet.

• The term "private cloud computing" describes a style of computing used by a modern internal IT provider to behave like an external, cloud-computing service provider.
• Scalable and elastic IT-enabled capabilities are delivered as a service to internal customers using Internet technologies.

• Most large enterprises should consider cautiously experimenting with public cloud services to investigate service maturity and new opportunities, mainly in the area of new application pilots, as well as in limited areas of more-mature services (e.g., CRM and e-mail).
• Enterprises need to understand their IT service portfolios and have a strategy for each service that will result in tighter integration with the business or eventual migration to public cloud services.
• For services that may be sourced to the cloud, enterprises should evaluate the return on investment (ROI) from developing private cloud services, while waiting for external offerings to mature.

The promises of cloud computing are compelling — more variable expenses, low barrier to entry, usage-based pricing, potentially lower costs and rapid elasticity. Not all services will evolve to become cloud-computing services. Some services are business differentiators, and are destined to become more tightly integrated with the business. Other services may eventually be outsourced as cloud services. Private cloud services are a natural steppingstone for these services before the external offerings are ready.

Gartner defines cloud computing as a style of computing in which scalable and elastic IT-enabled capabilities are delivered as services to external customers using Internet technologies. There is a one-word difference between our definition of cloud computing, and that of private cloud computing. Private cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as services to "internal" customers using Internet technologies.

Although economies of scale (and efficiency) are potentially better when you are massive, there are real economies of scale, even in modest deployments (which a large enterprise may have) — any technology sharing reduces costs. In addition, from a purchasing-power perspective, some computing environments are already approaching commoditization, leaving little margin for volume discounts. There are five attributes of cloud computing:

1. Service-based
2. Scalable and elastic
3. Shared
4. Metered by use
5. Uses Internet technologies

Private cloud services have the same attributes as public cloud services (see Figure 1).

The consumer accesses these services strictly through a programmatic or self-service interface, and describes service requirements in terms of outcomes, not implementation. The service is accessed using Internet technologies (such as a browser). The service (what the consumer sees) and the implementation (what the provider sees) are abstracted from each other. The provider implements the service using technologies that take advantage of economies of scale, share resources and automate the use of resources in an elastic manner. The mechanism of sharing is hidden from the customer and is inconsequential to service delivery. The customer can request more or fewer services within the confines of realistic potential enterprise demand, without encountering limitations. Changes are made within seconds or minutes, based on the time it takes for the request to be processed through automation.

Real usage metrics are collected and are available to the customer. They are measured in service/outcome terms (e.g., transactions), rather than implementation terms (such as the number of servers). It is a business decision whether these metrics will be used to create a full pay-for-usage model, like an external cloud service provider. Ideally, the customer will understand pricing at service request time, but this, again, is a business decision. There can be many other pricing models, such as shared-risk and shared-reward models. However, another key component of private cloud-computing implementations is the concept of pricing for services.

The difference between public cloud-computing services and private cloud-computing services is a combination of service access and service ownership/control. Public cloud-computing services and private cloud-computing services exist on a continuum of privacy. At one end are fully public services, available to all consumers. At the other end are fully private services, limited to one enterprise. In between will be examples of shared cloud services for sprawling organizations (such as the federal government), business partners in a supply chain, enterprises in the same corporate park and noncompetitive organizations, such as universities.

IT services are not all destined for cloud computing — they can fall somewhere between two ends of a spectrum.

At one end are IT services that are business differentiators and should become tightly integrated with the business. These services change often. They may be end-customer-facing for the business. You aren't just turning knobs, you are adding new ones, and they are unique to the business. Efficiency is not the highest priority for these services — functionality, customization and ability to change are more important.

By necessity, more manual and custom intervention is involved. Being well-run means better integration — involving processes, skills, analytics and strategies — and intimacy with the business. The services become extensions of the business. However, they may incorporate a range of standardized cloud services (e.g., payment processing), or use some lower-level cloud services in a supply-chain, but the resulting aggregate service will be enterprise-unique. These will not be cloud service candidates, although, some elements in their supply chain could be cloud services.

At the other end of the spectrum are services that could be valuable or important, but are standard across businesses — that is, they're more commoditized, rather than differentiators. The data they manipulate might be business- and security-critical, but the services themselves are not unique to the business. There are knobs to turn, and they're turned often, but you aren't adding new knobs, and they're common with other enterprises. A well-run service here focuses on creating a self-service, easy-to-use, relatively static interface. With standardized knobs, you can significantly automate behind the interface. The focus for these services is low cost. These services are separated from the business — they're independent, not customized or integrated. The ultimate destination for these services is the public cloud — the only question is when.

Action Item: All enterprises need to understand their own IT service portfolios, and have a strategy for each service that will result in tighter integration with the business or eventual migration to public cloud services.

In some cases, the public cloud services are at a level of maturity at which enterprises should explore using them today. However, for most IT services, cloud services do not exist, are not proven, do not meet service-level requirements, do not meet regulatory or legal requirements, are not secure enough or all the above. It may be many years before some of these cloud services meet enterprise requirements. It's likely that some services will never be commercially viable.

Another consideration is enterprise investment. Enterprises need to choose between throwing away their investments and migrating quickly, doing nothing while they are waiting, or evolving gradually. The path with the best ROI wins. When a public cloud service is expected to mature on a relatively short horizon, investing nothing in the existing service might be the best approach. When the benefits of investing internally are strong enough, and the expected maturity of public cloud services far enough on the horizon, investment in private cloud services might be the best choice.

However, why should large IT organizations invest in private cloud services, when cloud-computing providers are creating services themselves? There are several reasons. First, cloud computing is evolving rapidly, but it is immature, there's little competitive pressure in the market so far, and services are limited in scope and depth. Second, for many enterprises, the IT service levels their customers have come to expect are not commonly supported by public cloud providers, introducing an element of risk that may far exceed the reward. And third, many of the investments in private cloud computing will prepare the enterprise for public cloud computing.

These investments aren't just technology changes. They're process, cultural and business interface changes, such as building a service catalog and a service interface to the business, and moving to a chargeback model that helps the enterprise understand its service needs and costs. These changes will help enterprises make better cloud-sourcing decisions and can provide an easier transition to public cloud computing in the future.

Private cloud computing won't make much sense to a small business with a small amount of IT equipment. Many small businesses will find the economies of scale, simplicity and low barrier to entry into public cloud computing compelling (especially for organizations where IT is not a business differentiator). This doesn't mean cloud services will always equal commodity — the way cloud-based services are combined or how they are used can be a business differentiator.

Action Item: For services that may be cloud sourced at some point in the future, enterprises should evaluate the ROI in developing private cloud services, while waiting for external offerings to mature.

The potential benefits of private cloud computing are the same as the potential benefits of public cloud computing, although not on the same scale:

• Low barrier to entry — A service-oriented interface backed by virtualization and automation enables customers to acquire services quickly and easily.
• Elastic and scalable — A shared architecture that is virtualized and automated responds to customer needs at the speed of automation, based on policies set by the customer.
• Lower cost and pay per use — A shared architecture is more efficient, and larger enterprises can leverage technologies that enable economies of scale (albeit smaller than large public cloud providers).
• Ease of sourcing migration — Done well, a service-oriented interface could make it easier to move a service between private and public cloud environments, or even support a hybrid model (e.g., partly private cloud service or partly public cloud service). It also helps to maintain control of the cloud-sourcing interface in a central sourcing organization. A potential problem here is that many vendors will try to influence enterprise private cloud designs to ensure that it is easier to migrate to their cloud service offerings, rather than other vendors' offerings.

However, there are also significant risks. By taking on the responsibility to create a cloud-computing service delivery environment, the enterprise, as a private cloud platform creator, takes on risks that are similar to those facing a public cloud platform provider.

• Lost investment in technology and skills — Building a cloud-computing platform requires investment in new hardware, software and best practices to support the development and delivery of the target service. The ROI (in terms of business value, cost reduction, ease of future cloud sourcing, etc.) must justify that investment, and it requires an accurate evaluation of when public cloud services will be ready
• Lack of technologies to build cloud services — Cloud-computing providers, such as Google, Microsoft, Amazon and salesforce.com, write custom cloud-enabling software and, in Google's case, even design and build their own hardware. Although these technologies are gradually turning into packaged offerings (such as virtual machine management tools), many of the necessary technologies don't exist as commercial offerings.

In many ways, private cloud computing is the natural evolution from the IT modernization investments that large enterprises have been making for years. Private cloud services are a superset of Gartner's Real-Time Infrastructure (see Figure 2 and Note 1).

The evolution of private cloud services is not the same as the evolution of other IT services —the fundamental fork in the road is a divergence for private cloud services toward interfaces and independence from the business, while other IT services focus on integration and intimacy with the business. Many enterprises have built a partial foundation for private cloud services. The virtualization trend of the past eight years is an example of a great start in creating a shared and elastic infrastructure architecture. To complete the evolution, the full private cloud service connection from the resources to the customer needs to be built:

• Build an architecture that is shared/virtualized (using virtual machines, horizontal scaling through parallel programming techniques or clustering, etc.). This also requires cultural and political change. Customers of the service need to be divorced from the implementation.
• Build well-defined interfaces between the services and their customer — using customer-oriented service interfaces (as opposed to describing implementation details). Examples would be self-service portals. These interfaces should be built with Internet technologies and Web-oriented architecture concepts in mind. This also requires cultural and political change. Most IT service is not described in terms of service-level agreements. Cloud computing requires an interface that is service-based.
• Build the automation behind the interfaces that make manual intervention in the interface or implementation an exception. This is certainly not unique to cloud computing, but it has been the motto of IT operation automation for years. Automation requires a massive effort in standardization and simplicity. There are also areas of operations that simply can't be automated. Cloud-computing providers start with a focus on standardization, and their service portfolio is tiny, compared with a typical enterprise. Cloud-computing providers also invest significantly to fill automation gaps by writing custom software.
• Build the mechanism to do usage-based accounting to enable efficient life cycle management, track business usage of services, and potentially enable a chargeback or pay-per-use pricing model. Again, this entails tremendous cultural and political change — but it is change that would be required of any enterprise that would benefit from eventually leveraging public cloud services. If IT is treated like a business internally, it will be much easier to convert to using IT services externally.

An example is a self-service development and test environment. Here, developers can request servers for testing, have them automatically provisioned and return them to the pool when they're done.

The evolution to private cloud computing services will hit the same process, political and cultural barriers that virtualization has encountered:

• IT is a cost-center, not a profit center.
• Business units want involvement in implementation details and assets.
• Services are not all described in terms of service levels.
• Projects are funded separately.

One reason that private cloud computing should be seen as a steppingstone to cloud computing are these process, political and cultural issues that must be resolved and overcome for the enterprise to most effectively use internal and external sourcing.

Some services are destined to become a more-integrated part of the business. Some services may be outsourced as cloud services eventually. Private cloud services are a natural steppingstone for these services if the external offerings are years from being ready. The biggest difference between the two types of services is intimacy and integration vs. interface and independence.

Appropriate investments in private cloud computing will make it easier for enterprises to gradually use public cloud services as needed, if and when the services mature. Because public cloud computing is years from fulfilling many enterprise needs, it is likely that IT organizations will spend more money through 2012 on private cloud-computing investments than on offerings from public cloud providers.