The coming year will see instrumentation bringing new depth and detail to cloud and software as a service (SaaS) offerings.

Markets across the world are seeing an increasing adoption of cloud computing and cloud services among enterprise and an explosion of supply-side activity as technology providers manoeuvre to exploit the growing commercial opportunity.

The days when cloud computing came in an unaccountable black box are drawing to an end. Enterprise buyers rightly demand oversight and governance of their computing, even if hosted by a provider. Instead of take it or leave it service levels, there is a new trend toward visibility and accountability. The coming year will see instrumentation bringing new depth and detail to cloud and software as a service (SaaS) offerings.

The shift toward cloud computing applications is fuelled by many strategic advantages including reduced capital expense, data mobility, and continuous access to the latest software. Many of the most widely adopted cloud services are content-intensive in nature. Organizations dealing with rapid data growth and extended data retention periods are among the leading shapers and users of cloud applications.

Vikas Arora, group director - communications sector, Microsoft India comments, "Cloud based productivity solutions are an excellent example of how businesses can benefit from buying software as a service, hosted on a public cloud platform. The benefit of public cloud can also be leveraged in the form of platform as a service, which allows businesses to migrate their existing applications to the cloud platform and take advantage of the cloud's scalability and reduced costs."

Market Scenario

The global market for cloud services has been estimated by Gartner Inc. at Rs. 3,26,400 crore in 2010, up from Rs. 2,81,280 crore in 2009. It is expected to reach Rs. 7,14,240 crore by 2014. Over the next five years, enterprise are poised to spend Rs. 5,37,600 crore cumulatively on SaaS, platform as a service (PaaS), and infrastructure as a service (IaaS).

India is seen as the fastest growing SaaS market in the Asia Pacific region. At a CAGR of 60 percent from 2008 to 2012, it is poised to reach Rs. 1,689.6 crore by 2012.

With the availability of a plethora of SaaS applications and related services it is on a strong growth path. Given the pent-up demand for SaaS applications among the enterprise, the momentum generated by vendor activity and participation by telecom companies as partners, it will proliferate rapidly in the next 18-24 months, not only in top-tier towns and cities but even to secondary places.

The SaaS applications are gaining significant acceptance in the country at the cost of on-premise applications with 32 percent of SaaS adopters in the country replacing an on-premise application.

Zero or low maintenance is the leading reason for SaaS adoption in India, followed by ease of use. While the plug and play nature of SaaS makes it suitable for rapid adoption, ideally enterprise should ensure optimal usage in terms of application functionality as well as to smooth integration with enterprise applications or other SaaS applications as required.

Anil Pochiraju‚Äö managing director, India and SAARC, F5 Networks adds, "To accomplish scalability, some method of load balancing and application delivery will be necessary. The integration, a.k.a. automation, of all the requisite pieces of the infrastructure - network, storage, and application - is what enables the infrastructure to act on-demand. Without automation the realization of cost-reduction benefits will be marginalized."

SME Driving Cloud Adoption

There are 3,500,000 small and medium enterprise (SME) in India with a growing number coming to grips with the cloud computing technology because of its ability to cut costs and reduce capital equipment expenditure in terms of hardware as well as software.

One of the key advantages of the cloud computing model for SME is its low barrier to entry. Risks are limited as contracts with service providers are often covered by service level agreements and should the worst scenario play out they can be cancelled at any time. Cloud provides an opportunity to simplify business processes for SME, add value to software applications, and lower costs by moving the epicenter of IT applications outside the confines of traditional businesses. By adopting a SaaS platform, SME can utilize the resources as a service and pay as per their usage of the resources provided by the cloud.

Environmental Advantage

A compelling reason to consider adopting cloud computing may be its potential to reduce enterprise energy dependency. After years of business-driven expansion, it is no surprise that many of the data centers are overcrowded, consuming an extensive amount of energy resources. Cloud computing employs a highly virtualized, shared dynamic infrastructure that will enable companies to evolve to a greener, more holistic approach to data center management via greater economies of scale, workload balancing, and the integration of IT services with power and facilities management. Within the data center, workloads can also be dynamically reallocated from hot spots to cool spots.

With its focus on resource conservation, cloud computing encourages good service management practices like enterprise content management, which help keep the volume of active data under control via regular archival and disposal of redundant data. With less data to manage, it is possible for companies to increase their processing speeds while decreasing their carbon footprint. This sounds like smart computing for sure.

Managing Security

As organizations move toward a cloud-based infrastructure, they will also need to consider a range of issues beyond their data centers. In particular, with mission-critical applications being delivered over the public IP infrastructure, the enterprise need to keep a close eye on network availability, security, quality of service, and compliance. Security remains the top concern for both public and private cloud computing, albeit it is particularly pronounced for public cloud and less of a concern in the context of private cloud. Cloud computing providers are actively being targeted, partially because the relatively weak registration systems facilitate anonymity, and providers' fraud detection capabilities are limited.

Kartik Shahani, country manager, RSA explains "While the cloud provides organizations with a more efficient, flexible, convenient, and cost-effective alternative to owning and operating their own infrastructure, it also makes mitigating risk more complex as it erases the traditional, physical boundaries that help define and protect an organization's data."

Reliance on a weak set of interfaces and APIs expose enterprise to an array of security issues related to confidentiality, integrity, availability, and accountability. Attacks have surfaced in recent years that target the shared technology inside cloud computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalization. As a result, attackers focus on how to impact the operations of other cloud users, and how to gain unauthorized access to data.

Geetika Saigal, head - enterprise sales (India), Cable & Wireless Worldwide agrees, "Indeed, private cloud is not a workable concept unless it is within the context of a huge corporation which is large enough to merit building its own private cloud. However, there is another approach which combines the best aspects of each of these three approaches and can offer significant advantages to the users - the hybrid cloud. Over time, as the applications evolve, we predict that the vast majority of enterprise will move from their current IT setup or dedicated hosting to virtualized and then, gradually, into the cloud completely."

Account and service hijacking, usually with stolen credentials, remain a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity, and availability of these services. Udayan Banerjee, CTO, NIIT Technologies adds, "The improvements in the cloud offerings have only been incremental with none of the PaaS platforms having shown much traction. Critical concerns like security, privacy, SLA and compliance also remain. There seem to be enough evidence to show that virtualization can improve server utilization. However, managing a large virtual infrastructure can become a very complicated task."

Organizations need to be aware of these techniques as well as common defense in depth protection strategies to contain the damage and possible litigation resulting from a breach.

Prashant Gupta, head - solutions, Verizon Business India and SAARC comments, "Security is one of the most important factors which should be taken into consideration before moving onto the cloud platform. This concern must be adequately addressed. Industry standards and regulations such as HIPAA, the Payment Card Industry Data Security Standard (PCI-DSS), the Gramm-Leach-Biley Act (GLBA), and the Statement on Auditing Standards 70 (SAS-70) have very defined and measurable security requirements. For cloud computing to be viable, providers must adhere to the same standards and controls that an organization would impose in house."

When adopting a cloud service, the features and functionality may be well advertised, the details or compliance of the internal security procedures, configuration hardening, patching, auditing, and logging are sometimes overlooked, leaving users with an unknown risk profile that may include serious threats.

While most providers strive to ensure security is well integrated into their service models, it is critical for users of these services to understand the security implications associated with the usage, management, orchestration, and monitoring of cloud services.

Vikram Sharma, VP-SP, Cisco India & SAARC conclude "Providers can leverage services both around standard processes such as CRM, ERP, product lifecycle management, supply chain management as well as technical services for software development and infrastructure. They must, however, be prepared to address customer concerns like policy compliance, end-to-end security, quality of service management, and technical customization."