Predicts 2013: Infrastructure Services Threatened as New Structural, Political, Competitive and Commercial Challenges Emerge

Data center hijackings, compute futures exchanges, enforced support bundle splits, and the dangers of overpromoting automation may conspire to make infrastructure services markets ever-more hostile. Here we predict the impact of these challenges.

• The infrastructure services market is maturing. Commoditization is forcing providers to invest in automation and analytics to deliver more and better with significantly fewer resources.
• The proliferation of standardized services will drive the adoption of utility services. Such service capacity will be freely traded on open futures markets governed by financial regulators.
• The concentration of workloads in fewer data centers will mean these data centers will increasingly be targets for crime and terrorism. Providers must protect their facilities from heightened threats or be forced to do so by external regulation.
• User dissatisfaction with support services bundling will increase to the point at which they attempt to force providers to change. Legal challenges will galvanize opinion and may lead to changes, irrespective of whether they are successful or not.
• The future will belong to those that have the commercial fortitude to place bold bets on market-changing capabilities. "Wait and see" approaches will fail.

• Provider marketing initiatives must drive buyer service value perceptions and beliefs if they are to have any chance of arresting the continual push to the bottom on a cost-only basis.
• Where service value propositions are weak or not obvious, providers must invest in their portfolios and service value visualization tools and processes to ensure that derived benefits are regularly demonstrated to service consumers and customers alike.
• Providers must ensure they plan to migrate to delivery models of the future as they continue to service the customer needs of the past.

• Increased automation and reducing labor arbitrage benefits will cause the infrastructure outsourcing services labor pool to decrease by 15% through 2016.
• By 2016, a legal test case will challenge the bundling patches, upgrade rights and technical assistance that constitute today's software support monopolies.
• Within three years, at least 10% of all infrastructure utility (IU) provider revenue will come via third-party compute futures trading exchanges.
• By 2016, megadata center "hijackings" will force governments to regulate facility operators to assure minimum physical and virtual security levels.

While a mature space, the complexity of, or innovation and service development within, the infrastructure services and IT outsourcing (ITO) markets must not be underestimated. This complexity and changing services landscape is a result of changing demand-side and supply-side factors, such as the maturing nature of infrastructure-as-a-service, cloud-based services, automation, intelligent analytics, global delivery and the constant downward cost pressure that exists.

IT management services focused on the support and management of corporate IT infrastructures have always relied heavily on monitoring and event correlation tools to "keep the lights on" and the IT machine running. IT and operational technology convergence is a reality for many. Recent increases in the availability and use of telemetry monitoring devices with the potential to track practically every aspect of every piece of electrical equipment on the planet in real time mean that the scope of such services is being redefined. Who is to say what the scope of tomorrow's ITO or product support service could or should cover?

SLAs will move away from infrastructure and application availability to application performance, as service providers will deliver to application transaction key performance indicators by provisioning infrastructure resource dynamically based on new monitoring metrics.

The advent of big data and the means to do something meaningful with it via pattern-based intelligent analytics combine with user demands for prevention-based services that go beyond remediation and drive tangible business value and ongoing improvement. Yesterday's services focused on maintaining the status quo for less; labor arbitrage and offshoring replaced expensive pairs of eyes and hands in countries with less-expensive equivalents in remote locations to deliver the incremental savings demanded. But as the labor price differential diminishes, it will become increasingly necessary for providers to look beyond "who" is delivering their services to "how" they are delivered. Smart industrialized services that leverage automation and analytics will be the next major battleground within the service marketplace. But even then, these next-generation services may prove inadequate.

Tomorrow's services will not only need to deliver much more for much less, but they will also need to be seen to deliver tangible business value continuously if they are to be attractive to a new generation of buyers that is embracing the ideals of the cloud-based economy and the perceived flexibility, transparency and freedom that it brings with it.

The infrastructure services market continues to change. Providers must not only follow the market to survive, they must also anticipate changes and plan and invest now so that they can lead the markets they compete within as much as they follow them. Followers (even fast ones) are destined to fail. Currently, Amazon Web Services dominate the public infrastructure as a service market by being both first to the market and continually innovating in this space.

Buyers' behavior is driven by predictable responses to a variety of predictable influences. Providers must drive significant improvements to buyer service value perceptions if they are to have any chance of arresting the continual push to the bottom on a cost-only basis.

Propagating and promoting real residual fears, uncertainties and doubts within the minds of buyers can be a powerful tool to help providers to customers and prospects be more receptive to their demonstrations of inherent value.

Where service value is weak or not obvious, providers must invest in their portfolios and service value tools and processes to ensure that service consumers and customers recognize the derived benefits. Additional managed services around infrastructure optimization, security and end-to-end application enablement and assurance will differentiate offerings from more overtly industrialized providers.

Providers must ensure they are prepared for the future as they continue to service the customer needs of the past. Transitioning legacy customers to new offerings will be costly, time consuming and resource-intensive. Some customers will not be worth this investment. Projected life cycle earnings assessments should be used to determine which customers are migrated and which ones are left to seek services elsewhere.

Strategic Planning Assumption: Increased automation and reducing labor arbitrage benefits will cause the infrastructure outsourcing services labor pool to decrease by 15% through 2016.

Analysis by: Bryan Britz and Rob Addy

Due to increased automation and reducing incremental benefit from labor arbitrage, the total employed global labor pool for infrastructure outsourcing services will decrease by 15% through 2016. Fluctuating labor rates and high levels of attrition are making the traditional advantages of labor arbitrage less potent than they once were. The cost differential between offshore, "near shore" and local labor pools is diminishing in many markets, particularly for higher-end skills.

Improvements in governance systems, system resilience and reliability, and the levels of embedded automation or support for integration with mature run book automation tools are increasing. Just as the advent of sealed bearings eliminated the need for mechanics to routinely grease nipples in the mechanical world, the rise in popularity and adoption of appliances and end-to-end engineered systems will eliminate many common IT operations tasks.

Independent software vendor (ISV) and OEM enhancements to their base-level support portfolios are beginning to change the nature of IT operations work packages. What was once necessary and labor intensive is becoming part of the support provider's remit or being automated through the deployment of configuration-monitoring solutions that automatically trigger routine operations tasks. In addition to increased automation in the incident management processes through embedded tools, such as case submission wizards (which automatically collect the prerequisite configuration files needed to diagnose the issue), many organizations want to reduce call volume and costs associated with the service desk through implementation of end-user self-service "shift left" solutions, The most apparent is basic password reset, which can constitute 20% or more of calls to the average service desk. Automated password reset, when fully successful, can effectively reduce the required service desk labor by 20% on its own. Additionally, providers are actively seeking to combine Level 1 and Level 2 application support in service delivery to drive out costs by as much as 20% through reducing the resulting total labor requirement.

Automated experts systems based upon the analytics of real-time monitoring data streams are starting to emerge, moving beyond traditional event correlation policies as they track system and environmental performance shifts and drift to identify issues ahead of traditional threshold breaches through the application of control-chart-theory-based statistical process control techniques. When coupled with intelligent exception management regimes that can optimize event responses based upon the prevailing conditions, there is a reduced need to have as many dedicated pairs of eyes watching consoles in operations centers. As predictive algorithms mature, and the level of intelligence and contextual rules that can be embedded into predefined automated responses to anticipated event scenarios increases, there will be less of a need to invest in large numbers of skilled operatives to monitor event alerts 24/7.

Provider investments in process standardization and tooling to underpin those processes is considerable, although the vast majority of providers have not fully turned process standardization investments into the basis for automation – yet1 until recently, their ability to bank the benefits of those investments has been hampered by legacy customer contracts that overly specified delivery processes and staffing levels. As outcome-based contracts proliferate, providers will be able to leverage shared delivery models more widely, and the purported economies of scale associated with their delivery factories will begin to be attainable.

Automation is neither inexpensive to implement, nor is it free. For service providers, scale is the key requirement for investments in automation to bear profitable results. The ability to invest in automation will continue to hamper many providers that lack sufficient R&D funding and/or service product marketing management expertise. Put simply, the next wave of service automation will create economies of scale for providers much the same way that offshore service delivery created economies of scale advantages for early leaders that were able to effectively manage a larger labor pool to create competitive advantage in managing costs and availability of resources. The notion of tool/vendor agnosticism in service delivery will become increasingly challenging for providers needing to gain efficiencies achievable through use of single- instance IT operations management suites, cloud management platforms and proprietary automation IP.

Reduced labor volumes will not necessarily lead to proportional labor cost savings. There will be fewer jobs, but these jobs will include heightened responsibilities requiring higher levels of skills across more technical disciplines, such as problem management and capacity management.

Providers face financial challenges reskilling their labor force to be successful in the future market. Shedding people costs money. The need to cleanly and legally sever employment contracts will require providers to accrue funds to cover these costs. Many providers will be unable to finance these restructuring efforts and will be forced to compromise their desire for a new delivery paradigm with their ability or willingness to incur short-term pain.

Providers will be faced with a significant challenge in identifying which resources to shed and which to keep. Many service providers operating from emerging economies have "nation building" aspirations and incentives from their respective governments to drive up employment in high-tech professions that are often better sources of wages (and country GDP) than other options. For providers unencumbered by social considerations, relying on normal attrition cycles and the retirement of aging employees is not a strategy for labor rationalization that will work. Providers must define next-generation operational roles and map current employee capabilities against these projected requirements. This mapping should be the basis for downsizing and re-assignment strategies.

Increased competition for fewer positions will necessitate providers investing in more rigorous employee screening and selection processes. Given that next-generation infrastructure outsourcing roles will require broader skills and a more acute appreciation of business context and value delivery, some providers will be challenged as their recruitment processes of the past will be inadequate for the challenges of the future.

Providers that have based their entire value proposition on cost reduction that is financed through labor arbitrage will struggle, as competitors use technology to negate their historic advantage. Automating and rationalizing work packages will prove to be less expensive and deliver higher and more predictable levels of service quality and system reliability.

Providers must be wary of overly exposing their use of automation and analytics to their customers if they are to avoid further aggressive margin pressure. If they tout their internal delivery efficiency as a differentiator, then they should not be surprised when buyers turn that perceived advantage against them and push for even lower pricing.

Investments in automation and analytics targeted at reducing delivery costs must be accompanied by appropriate investments in the service value proposition and mechanisms for articulating service value. If customers see no value, there is no value.

Winning deals at any cost is a fundamental error. Providers must not be drawn into price wars if they are to secure a long term future.

Human capital management processes will be a critical success factor. Providers that are able to restructure fastest and with minimal disruption will have the advantage. The pain and effort associated with transitioning from one employment model to another must not be underestimated.

For most service providers, building your entire automation solution "in house" will be too challenging financially, strategically and operationally. Choosing the right technology partnerships, namely in IT operations management, as well as the appropriate open source solutions to leverage the automation potential of pre-existing capabilities is critical to building a next-generation hybrid automation platform to underpin service management and delivery.

Providers will need to invest in new marketing/sales strategies and messaging to communicate to buyers the inherent value of more automated, intelligent, and lower-touch IT services offerings. They will need to adjust how buyers perceive and assess value when delivery is not associated with the person that shows up or answers the call but with the tangible outcomes of those services.

Strategic Planning Assumption: By 2016, a legal test case will challenge the bundling patches, upgrade rights and technical assistance that constitute today's software support monopolies.

Analysis by: Bob Igou and Christine Tenneson

By 2016, a legal test case will be brought that challenges the legality of software vendors bundling patches, upgrade rights and technical assistance that constitute and reinforce today's software support monopolies. Software support renewal rates are high due to the proprietary lock-in associated with the maintenance bundle. The vast majority of enterprise organizations feel compelled to purchase support because they consider the risks associated with foregoing patch access to be potentially catastrophic.

Buyers of hardware and software solutions continue to purchase based on the technology functionality first, and consider the ongoing support and maintenance of the solutions second. In the enterprise software market, buyers are questioning software vendors' practices related to intellectual property (IP) sharing, software licenses, maintenance and technical support. They are being forced into limited choices or bundles for services and who they must buy from.

Some of the same practices are also questioned in the hardware market, in cases of internal operating software (IOS). Gartner is increasingly receiving inquiries from clients on related issues such as the transferability of IOS licenses, the legality of vendors locking out noncertified partners from IP, and the legality of changes providers make to support contract terms and conditions. These policies lead to limited choice for customers, and as a result, more clients are interested in alternatives to vendor-provided maintenance and support services – especially for lower-cost solutions.

An example of a major software provider that does not bundle maintenance and support is Microsoft. It provides Service Packs, which are a form of software maintenance (software updates) to licensed users at no charge. Microsoft sells Software Assurance, which entitles customers to future versions of product (software upgrades).

One example of an alternative support provider is Rimini Street, which provides third-party application maintenance and support for Oracle and SAP ERP products. Although this type of service is a very small corner of the overall software support services market, it is an indicator of the degree to which customers will pursue lower-cost alternatives.

Examples of trends related to control IP and support services include:

• In July 2012, the European Court of Justice ruled against Oracle, which had challenged UsedSoft's marketing and sale of used Oracle licenses. The ruling states that a copyright holder's exclusive distribution rights to a copy of software are now exhausted at first sale, whether it is distributed by physical medium or Internet download. Although there are stipulations, this ruling cracks the armor of major ISVs and empowers customers with a new option. Shelfware, resulting from over-aggressive purchasing or mergers, can now be resold within certain constraints.
• When Oracle acquired Sun, it required Sun customers to purchase an Oracle maintenance-and-support policy to receive support, firmware updates for hardware and updates to OS software. Prior to this, it was easier for Sun's channel of hardware maintainers to deliver competitively priced support services and freely distribute firmware and OS updates.
• When SAP initially imposed SAP Enterprise Support (at 22%) on customers by cancelling existing contracts for SAP Standard Support, Gartner fielded inquires asking if this was legal. The only countries in which SAP had to concede to customers were Austria and Germany because of strict country laws about contracts.
• Another example is Continuant versus Avaya. Continuant is a privately held, Washington-state-based, independent service provider of data and voice networking equipment. Continuant and Avaya have been in litigation for six years. Continuant's counterclaims allege that Avaya's various policies and practices relating to post-warranty maintenance violate antitrust laws. Continuant is challenging the validity of Avaya's restrictions of independent service providers' accessing maintenance functions, or the enterprise directly if it is found that the enterprise is using an independent service provider for support.

A major inhibitor for customers considering alternatives to vendor-provided maintenance and support are the reinstatement fees and penalties software vendors can assess if customers cancel a maintenance and support contract and then need to reinstate it after a period of time.

Extended implementations and the associated complexity, costs and risk mean that many organizations do not have the appetite or means to routinely migrate systems from version to version according to the timeline dictated by the ISV. Organizations that fail to keep up with the latest and greatest release are often penalized by their providers through extended support policies that include support fee uplifts.

Comparable scenarios within other industries (for example, the automotive spares supply chain and vehicle diagnostics) have led to the enforcement of fair competition "right to repair" principles through regulation.

Technology companies are already lobbying behind the scenes to prevent this scenario from happening. The major ISVs are a significant and potent force, with almost unlimited access to the best legal counsel. If a test case were to be brought, it is foreseeable that the only real winners would be within the legal profession.

If court actions or government policy were to disallow these practices by hardware and software vendors, customers would have more choices to purchase support and maintenance from authorized or independent third-party support providers. Both software vendor and authorized channel partner revenue for support and maintenance renewals could be threatened. The growth of independent third-party providers could flourish, but the quality of support delivered would be unregulated, and potentially weaker, because the software provider would not be able to certify and audit independent service providers.

Global regulations could force the maintenance bundle to be split. ISVs (and potentially OEMs) would be required to offer firmware updates and software patches as stand-alone items at a reasonable price (judged by an impartial third party) commensurate with the associated development costs.

This would kick-start innovation and competition within stagnant markets, as well as leveling the playing field for new entrants. Customers would have more options and control over how to run their IT environments. Providers would need to reinvigorate and redefine their portfolios to deliver value-added services that stand alone without relying on maintenance bundle lock-in. Technology providers would be incentivized to make the differential between current versions and new releases larger to encourage greater proportions of their customer bases to upgrade sooner. Continuous business-focused innovation would be required to survive and thrive.

Irrespective of whether a test case is successful, the very fact that one may be lodged would be sufficient to galvanize customer opinion and raise awareness of the issues involved. Many ISVs that had their support value propositions challenged during the economic crisis of 2009 and 2010 felt compelled to make significant investments in support service value. This undoubtedly improved the value delivered, but it is unclear whether the improvements to date would be sufficient to fend off a legal challenge.

Providers that are not as dependent upon support revenue as their rivals may leverage the press noise and hype associated with such a test case to proactively break open the bundle on their own volition. New entrants or providers without legacy revenue streams (and the associated Wall Street expectations) could use their segmentation of the support bundle as a competitive differentiator to gain market share against more mature incumbents that are unable to even contemplate such a bold move.

Software vendors, authorized partners and independent third-party support providers should:

• Monitor ongoing lawsuits, such as the Continuant-Avaya lawsuit and Oracle-Rimini Street lawsuit, because results could have widespread implications for the support and channel industries.
• Monitor government regulations globally for changes that broadly impact the delivery of traditional IT services.
• Track the support policies and portfolios of competitors with an eye to players willing to unbundle maintenance from support.
• Head off government intrusion by understanding the demands of customers that are price-sensitive and willing to consider extreme consequences to obtain lower cost alternatives.
• Prepare contingency plans for if a test case is brought.
• Continue and accelerate ongoing efforts to dramatically raise support value because they represent one of the primary lines of defense against such a test case.
• Evolve their portfolios so that support service value becomes sufficiently compelling so that it is able to stand alone without the bundled components of patch access and upgrade rights.

Strategic Planning Assumption: Within three years, at least 10% of all IU provider revenue will come via third-party compute futures trading exchanges.

Analysis by: Rob Addy and Bryan Britz

Compute futures trading exchanges are on the imminent horizon. Providers will issue futures and options on compute capacity to be traded by brokers and investors. By the end of 2013, at least one viable trading exchange will be announced. Gartner anticipates that several alternative exchanges will emerge during the subsequent 12 months. The backers of these exchanges will have a heritage in financial markets and the funding models and long-term view needed to ensure sufficient liquidity within the market to drive adoption.

The technical barriers associated with workload transfer will necessitate IU providers to align more closely with the providers of network connectivity services to facilitate the dynamic instantiation of virtual devices (and their associated access to data repositories of record) in a timely manner.

Initial commodities will be based on specific technologies provided to a specific service definition with regard to key attributes latency, availability, resilience and security, but in time they will become more generic, as portability increases via hypervisor transparency, and commonly accepted definitions for the underlying governance processes are established.

Some providers of IU services are already attempting to pre-empt the emergence of trading exchanges to some degree by offering customers the ability to reserve planned capacity over extended timelines. Although no details regarding any restrictions on the right to resell such reservations are available, it is reasonable to expect that a restricted market model may emerge. Amazon ECS already allows customers to resell excess reserved capacity through a marketplace exchange.

Infrastructure as a service (IaaS) will be a price-sensitive market2. In a recent 2012 Gartner survey, 46% of organizations indicated they would be willing to change IaaS providers for less than a 10% price difference. Recognizing this price sensitivity among clients, successful and profitable providers will be highly skilled in demand planning. Exchanges will enable providers to presell capacity well in advance and plan delivery schedules accordingly. Although the price realized by individual providers may be depressed by this market dynamic, the benefits of predictable revenue streams should not be underestimated. Price depression is not an inevitable result of market speculation. The rules of supply and demand are as relevant in a futures market as in any other.

Service delivery guarantees may be required for some markets or for some derivative classes within markets. This will require providers looking to have their capacity traded on these exchanges to sign up for punitive-penalty-based contracts commensurate with the market valuation of the cost of nonsupply.

Financial regulators will become involved in the process of trading compute futures to ensure market manipulation is minimized. This will bring an additional administrative burden to providers and is likely to require governance procedures to be significantly improved.

Exchanges are most likely to initially flourish as regional/geographic models due to a number of factors, not the least of which being differing (and at times changing) country regulations related to data privacy and sovereignty. Specific vertical-industry requirements, such as Health Insurance Portability and Accountability Act compliance within the U.S. healthcare market, will continue to form critical requirements definitions to narrow – or potentially expand – the relevant computing resources across a broader exchange, Community clouds built to address these vertical-industry requirements may also foster the emergence of vertical-specific exchanges.

Organizations are notoriously challenged by demand planning, and, consequently, traditional service providers often share in the pain caused by ineffective demand planning. Successful exchange players will develop sophisticated models to correlate external events with expected increases/decreases in required computing capacity across segments of buyers. These predictive models will most likely initially focus on regional computing demand, and then expand into vertical markets and eventually to specific buyers.

• Providers must begin preparations to have their services consumed and traded in this manner. This is not an "if" but a "when." Service transparency and granularity will be core competencies for IU providers looking to take advantage of trading exchanges as a route to market.
• The ability to segment services by geographic location (to facilitate buyer requirements for data residency, and so forth) and security level will be essential.
• Providers will be faced with the decision to be an active market player or a commodity provider. The latter may deliver lower returns than the former, but it carries lower risk.
• Providers must enhance their analytic models that will assist in demand planning. Being smarter than your competition on anticipating changes in demand will become a true competitive advantage in this model.

Strategic Planning Assumption: By 2016, Mega data center 'hijackings' will force governments to regulate facility operators to assure minimum physical and virtual security levels.

Analysis by: Rob Addy and Tiny Haynes

By 2016, megadata center hijackings will have caused sufficient global economic paralysis to force governments to legislate for minimum acceptable physical and virtual security levels to be in place before granting licenses to operate such facilities. As large data centers serve more and more end-user organizations, their potential as a target for criminal and terrorist activity increases. It is likely that the providers that manage and operate the data centers will not be the target of such aggression; instead, the customers leveraging the facilities or local government bodies are likely to be the intended victims.

Many within the IT industry have overly concentrated on the threats from organized cybercrime and hacking collectives3. Although these threats are real, they are predominantly digital threats. The physical occupation or destruction of data centers and their contents are often downplayed. It's not that the hacking of computer systems housed within facilities isn't attractive to some parties, but that there are other options not related to data or IP theft that have the potential to deliver returns to those bent on destruction and chaos or financial gain. It is likely that hijacking schemes involving the penetration of physical security, such as an explosive device or something similar being introduced into the environment, would be sufficient as a perceived threat to cause operators and associated parties to negotiate or suffer the consequences.

Targeting critical infrastructure is a well-established strategy in times of war, and by terrorists (international and domestic alike). Data centers are critical infrastructure for the effective operations of most world economies. Information security measures continue to make "getting inside" harder for those with malicious intentions, thus requiring a reversion to the oldest form of gaining access – kick down the door! Such actions could be taken by disenfranchised domestic groups, contracted corporate espionage agents, or even the result of international conflict. Although the actual success of such efforts may be limited, the mere attempt will be enough to cause many governments to recognize data centers as being vital critical infrastructure requiring regulations potentially on par with those found in nuclear facilities.

The bombing of the financial district of London's Docklands in February 1996 demonstrated the vulnerability of data center buildings and surrounding areas to major disruption caused by a terrorist bomb. Internet exchanges that provide multiple telecommunications provider peering points can be targeted by such devices that wouldn't necessarily destroy infrastructure, but could force building evacuations and follow-on fire risks that might not be handled fully by automatic systems.

Most equipment delivery procedures to data centers, although authorized, do not include any bomb-detecting processes. A determined terrorist could, therefore, hijack the deliveries before they reach the site and substitute equipment with an explosive device concealed within it. Equipment would then be stored in a separate segregated facility within the data center or delivered to the customer's reserved caged area or data suite. Having breached the facility's external security measures, such a scenario poses a significant risk to customer operations or the network connectivity of the data center itself.

The concealment of explosives within IT devices has already been attempted by terrorist groups attempting to destroy airliners carrying seemingly innocuous cargos of printers and peripherals. It is reasonable to assume that any group seeking to penetrate a data center could look to hide their devices within innocent customer equipment before it is shipped for co-location in a new facility.

Despite Hollywood's depictions of sophisticated security systems at mission-critical computing facilities, the truth is somewhat less impressive. Physical security at many of today's largest facilities is minimal and is often based upon the premise that the locations of such facilities are not generally known. This flimsy veil on anonymity cannot be relied on to protect the facility or its customers from the attentions of criminals or extremists. As the monetary or ideological "value" of the potential criminal act increases, so will the level of intelligence, investment and aggression that potential perpetrators are willing to deploy to realize their objectives.

Current data center designs with extensive data halls and cooling plenums are not easily secured because of their scale and common access points that facilitate cooling and heat exchange. The drive for energy efficiency has introduced security risks that need to be addressed if the impact of a hijacking incident is to be mitigated and controlled.

Data centers rely on automated security systems, such as mantraps, closed-circuit TV and layered nonaggressive protection. Staff security is often subcontracted to those who are not aware of the nature of IT equipment, making it a relatively easy task for terrorists to plant such devices.

Data centers also carry significant fuel reserves on-site for their own generators. Should such reserves be ignited, the fires could engulf the entire data center, as was demonstrated by the Buncefield fires in the U.K. in 2006.

Physical security capabilities are likely to be reviewed more vigorously than they currently are as part of buyer evaluation criteria in the future. Providers must be able to articulate their security policies and arrangements in a way that reassures and convinces prospects and customers without materially impacting the security of their locations.

Regulations and licenses to operate significant data center facilities may be introduced by governments that want to demonstrate that they are addressing the issue. Such regimes are likely to bring significant administrative overhead and audit burdens to the operators of large data centers.

Closer liaison with law enforcement and counter terrorist organizations will be necessary to understand the vulnerabilities in the site's design and process. Data center providers will need to demonstrate this to customers, as well as the safeguards put in place.

Personnel screening, background checks and security clearance procedures may become required for all people working in such IT facilities. This will significantly increase the costs associated with IT operations staffing and may act as a barrier to entry for smaller independent contractors who routinely perform maintenance activities on behalf of larger providers.

The potential impact of data center hijacking scenarios could be one factor that helps alleviate current data residency barriers to cloud adoption as governments and regulators recognize that putting all of their data in one or two regionally located centers introduces inherent risk. Indeed, should data center hijacking be perceived as a significant threat, then it is not unimaginable to project a requirement for government service buyers to deliberately select multiple delivery mutually redundant delivery centers that are geographically dispersed to minimize risk exposure for key systems.

• The physical location of facilities will become as critical to the security of the data center as the fabric of the buildings and the processes used to secure it. Providers must ensure that intrusion and terrorist risks are mitigated as far as is practicable.
• Customers and providers of data-center-based services must assess the physical, perimeter security of such data centers, assessing the risk from nearby fuel storage sites, as well as IT equipment delivery processes. Attention must also be paid to the storage of the on-site fuel stores to ensure they are not easily penetrated from outside or within the perimeter.
• All security processes must be reviewed, and investments in tools and counter measures such as bomb-detecting equipment must be made if the risks are to be controlled.
• All security staff should be knowledgeable of the risks from terrorist devices or internal breach, and they should be fully trained on how to contain such threats until local quick-reaction forces can be deployed.
• Although the use of nerve gas deployment systems that augment fire suppression capabilities to incapacitate intruders, or the introduction of roving automated machine-gun-toting drones to patrol data halls may seem farfetched at present, the need to bolster (and be seen to bolster) security will become increasingly important in the future.

In response to your requests, we are taking a look back at some key predictions from previous years. We have intentionally selected predictions from opposite ends of the scale – one where we were wholly or largely on target, as well as one we missed.

On Target 2009 Prediction: By 2012, of the BRIC countries (Brazil, Russia, India and China), China will be the leading India-alternative offshore location for highly scalable resources, followed by Brazil, while Russia, being viewed as offering only niche capabilities, will fall behind.

Gartner's "Gartner's 30 Leading Locations for Offshore Services, 2012" report outlines a research stream that continues to rate China's capabilities and suitability as an outsourcing destination ahead of Brazil and Russia. If one uses the Gartner ratings model of "Poor" being worth 1 point, "Fair" worth 2 points, "Good" valued at 3 points, "Very Good" given 4 points and "Excellent" being scored as 5 points, then the ranking of the BRIC countries within the current reports is as follows:

• India: 39 points
• China: 31 points
• Brazil: 28 points
• Russia: 23 points

Missed 2010 Prediction: By 2012, industrialized utility and cloud-based services will account for at least 50% of the new demand for managed IT infrastructure services.

In September 2012, Gartner published its worldwide IT services forecast in a new format that readily allows the relative penetrations of various service lines and delivery models to be compared. The combined total worldwide market valuations for traditional data center outsourcing services and enterprise network services equated to $130,487 million in 2010 and $138,173 million in 2011. Whereas, the combined worldwide estimations of IU and cloud computing services for the same periods were $12,989 million and $17,340 million, respectively. This represented overall market growth of $12,038 million. The bulk of this growth (63.8%) is attributable to the traditional delivery models, with the IU and cloud compute services contributing the remaining 36.2%.

However, if we use the current 2012 projections for a comparative growth analysis between 2011 and 2012, then we would see that the IU and cloud compute services contribution exceeds 100%, because the growth that it represents makes up for a forecast decline in absolute revenue for traditional infrastructure services.

This research is based upon a variety of primary and secondary data sources, including vendor briefings, end-user inquires, customer searches on Gartner.com, published financials, user wants and needs survey data, personal observations and provider interviews.

¹ Recent Gartner vendor briefings from major service providers on how they continue to address growth, profitability and global delivery challenges show that they are actively looking to realize savings of between 15% and 20% within their first- and second-line support organizations.

² In a recent 2012 Gartner survey relating to buyer behavior and priorities regarding cloud services, 46% of organizations indicated they would be willing to change IaaS providers for less than a 10% price difference. This suggests that the cloud IaaS market will become increasingly volatile, and providers will look to mechanisms such as the issuing of derivatives such as futures and options to smooth out demand profiles and permit them to plan their capacity delivery more efficiently.

³ Gartner studies show that 70% of organizations still predominantly use the traditional, technology-centric approach to managing data center security and fail to consider the physical risks as seriously as they should. This overfocus on digital risks and cyber terrorism leaves them vulnerable to real world threats that may be even more impactful to their operations. The positions outlined and opinions expressed were formulated over an extended period of time to ensure that scenarios were able to play out and hypotheses could be validated wherever possible. All predictions, assumptions, conclusions and recommendations have been tested and refined in conjunction with members of Gartner's Infrastructure Services research community to ensure that the content comprehensively and objectively describes the market of today and represents a collective potential view of what tomorrow's market may bring.