The cloud is at the centre of business computing today, and recent reports bear this out.
Rightscale’s 2019 State of the Cloud report found that 84 per cent of enterprises describe their IT infrastructure as “multi-cloud”, while McAfee’s 2019 Cloud Risk and Adoption report stated that 87 per cent experienced “business acceleration” as a result of cloud adoption.
Anecdotally, these figures make sense. There is barely a medium-to-large business today that does not have some cloud in its IT mix, and many of the larger outfits use a hybrid combination of public and private clouds.
Still, the idea that 84 per cent of enterprises have a multi-cloud strategy, with multiple and distinct providers, seems unlikely, both globally and in particular in Ireland.
“If somebody is answering that question that way, then they're using some kind of cloud somewhere in that enterprise. It’s not likely that they’re implementing a strategic multi-cloud infrastructure,” said Séamus Dunne, managing director of Interxion, the pan-European co-location data centre provider.
It is not, however, a simple case of businesses having all of their eggs in one basket, said Dunne. A more reasonable scenario is that they have their on-IT systems running alongside systems using one major cloud provider, whether for development or deployment, and some software-as-a-service (SaaS). That‘s technically multi-cloud, but not quite what is usually meant by the term.
But according to Dunne, there is a nervousness about being tied to a single platform.
“Most of the IT people I talk to would say they’re not all-in on one cloud,” he said. “When people say that, they could they mean Amazon Web Services, Microsoft Azure or Google. That’s infrastructure-as-a-service or platform-as-a-service cloud, and then the main cloud is software-as-a-service.”
Michele Neylon, chief executive of Carlow-based data centre and co-location specialists Blacknight Solutions, said the approach many businesses have taken to cloud deployments was haphazard to begin with.
“There definitely was a move away from dedicated servers and co-location, as a general wave, a few years ago. That was tied into the hype in many respects. Now we’re seeing a more balanced approach. Depending on what they’re doing, you’ll see more of a spread of things being applied,” he said.
“The drivers will vary from company to company. In some it’s purely financial: you can spin up a virtual server for a tenner a month versus a couple of hundred a month for running a dedicated server.”
The upshot has been a move away from creaking servers stuck in the corner of an office, something Neylon welcomes. “I think we’re past people having a server in the office. It was a terrible idea anyway, though you do see people doing it from time to time,” he said.
Multi-cloud is possible, but not desirable for all
Peter Rose, chief technical officer of TEKenable, said that people using multiple public clouds are a rarity.
“What we’ve seen – and we work with a lot of multinationals – is that they tend to have their own private cloud using a data centre somewhere, or a private reserved area in public cloud. But they tend to not use more than one public cloud such as IBM, Amazon Web Services and so on,” he said.
The reasons for the choice of which one to use can be based on perception that one provider is a better fit for certain tasks. But it can also be because of long-standing prejudices.
“If you’re an open-source guy, you think Microsoft is the evil empire, and if you’re a Microsoft guy you think the open-source guys are a bunch of long-haired hippies. That’s not the truth, but it has sort of stuck,” he said.
In any case, he said, multiple cloud providers tend to not be used because doing so introduces too much complexity. “I think it’s extremely difficult to run multi-cloud,” Rose said.
For a start, it means that data sharing within a business becomes troublesome.
“Getting the right level of exercise is very, very difficult because the platforms are so different. You need a multiplicity of skills, you have two environments to monitor and secure. Basically, you have introduced another level of complexity in monitoring and security, plus you create artificial boundaries between the applications,” said Rose.
“From a security point of view, complexity is bad. If you introduce more complexity you either make things less secure or make it an order of magnitude harder to achieve the same level of security. Complexity is your enemy. You want, ideally, a single level of identity management across your in-house setup and your cloud.”
Hybrid public-private set-ups are typically less complex, he said, and so they are significantly more common. “They tend to have one express-route connection from the private cloud out to the public cloud,’ said Rose.
Loman McCaffrey, sales manager at Logicalis Ireland, said he has seen mixed responses from the market: there is growth, but Ireland is not a leader in cloud computing. “Adoption of cloud is lagging a bit here,” he said.
On the other hand, according to the results of its 2020 survey, Logicalis has found that the coming year will likely see more investment in cloud-based systems of various kinds.
“The last year has seen a significant step forward. We’re seeing that, of our sample, over 40 per cent of their workloads are already working in the cloud. It’s a combination of SaaS and other forms, of course – things like Salesforce and Office 365 –but it’s still surprising because indications from last year were 20 per cent,” he said.
“What’s also a surprise is that 89 per cent are planning to do more or significantly more in terms of moving to cloud this year. Effectively, everyone is working toward the cloud.”
Logicalis found a significant and growing platform agnosticism.
“Close to 40 per cent have no preference for their hypervisor, whether it’s Amazon Web Services or Azure or whatever. A larger amount than expected don’t care: as they mature they match the workload with the right provider. More and more now the decision is based on the workloads,” he said.
“In the old days it used to be ‘we’ll go with Azure, because we have a relationship with Microsoft, or AWS because we have one with Amazon‘, or whatever.”
The agnosticism reported today suggests that not only will migration between cloud providers become easier, but will also enable multi-cloud set-ups. “There’s nothing to stop us having something in all clouds,” McCaffrey said.
John O’Donoghue, solution consultant for the Data Centre Compute Group at Dell Technologies Ireland, said true multi-cloud is possible, but rare.
“A lot of what you find is that they have their on-premises IT and then one cloud provider, generally Azure or AWS. But in terms of people having spread services where different clouds are talking to each other, that’s relatively rare,” he said.
For Dell, the goal is to support the business function of IT, not the technology for its own sake, said O’Donoghue. This means that they can migrate from on-premises to the cloud, from one cloud to another, and back to on-premises, as necessary.
“It’s a case usually where people have said ‘I have an SQL database and I need to spin it up’, so they do, and they typically have been managed in a silo-ed fashion,” he said.
“A lot of people think of the cloud as a place you get services from: the public cloud. But it can also be a data centre private cloud. We don’t think of it as a place.”
Of course, multi-cloud set-ups tend to be at the cutting edge of enterprise IT, often using containerisation in order to promote portability, the sharing of data across different systems and simpler migration, thus avoiding vendor lock-in.
“Our strategy allows you to use services in the cloud but take them out if you need to do so, so that you keep that control,” he said.
But with the direction of travel being toward the cloud, why would businesses be seeking to leave? One reason, O’Donoghue said, is cost. “It‘s a major thing. Cloud economics is a whole area of study in itself,” he said.
“The cloud story for us is not saying: ‘Don’t use cloud services.’ We’re saying: ‘We’ll enable you to use them but also to use private cloud and on-premises.’ One of the key things we do as a business is try to reduce IT complexity. You can have multiple clouds, but it should be as simple as just one.”
Software as a service
The role of SaaS in the growth of cloud computing cannot be overestimated, and it is here that most businesses have chosen to dip a toe in the water.
“So many businesses use Salesforce for work today. That’s the biggest cloud: software-as-a-service,” said Séamus Dunne.
One notable Irish SaaS success has been Big Red Cloud. Formerly developers of the popular small-business accounting software Big Red Book (which is still available for those customers who prefer to stick with on-premises installation), the company saw early on that moving to a cloud-based platform was a way of streamlining service delivery to its customers.
“Software-as-a-service is the entry point of the cloud,” said its chief executive, Marc O’Dwyer.
Big Red Cloud is aimed squarely at the small and medium end of the Irish enterprise market, including sole traders who have neither the time nor the inclination to deal with complex traditional accounting software. Because of that, O’Dwyer saw the cloud as the ideal opportunity to simplify things.
It was also a risk, however: Big Red Cloud was, in Irish terms, a very early adopter of cloud technologies, and initially it faced a lack of public knowledge of what the cloud actually was.
“Back in the day, it was a hard sell, because it was a new concept. We developed in 2009 and launched in 2012, and it was still very much a new concept: ‘What do you mean my data is not going to be saved on my PC or my server in my office? Where is it going to be stored? What are the security risks?’ There was a very wary first few years on the cloud,” O’Dwyer said.
In fact, people were using the cloud already, he said, they just weren’t aware of it.
“Back then people were using online banking, which is basically a cloud-based service, so when we explained it in these terms then they could understand it.”
Specific circumstances were also an issue: Big Red Cloud gets a significant section of its customers not directly, but via accountants, and accountants are by nature, and for good reason, conservative.
“The accountants would have all been a lot slower to adopt the cloud back in the early days, which was a challenge for us because we get 48 per cent of our business recommendations from accountants,” said O’Dwyer.
Hosted on Microsoft Azure, Big Red Cloud is an Irish example of one of the SaaS applications that many are counting as multi-cloud when it is in use, alongside the placing of more fundamental IT infrastructure in the cloud.
The choice of Azure was driven in part by the geographical focus of Big Red Cloud’s customer base as it keeps data in the EU, though it does allow branch offices and travelling executives to access information from anywhere.
Even sole traders can benefit from this, McCaffrey said, with a holidaying business owner able to check the same data as an accountant preparing a tax return at home.
“It makes it so much easier. You have access 24/7 from anywhere in the world [and] you’re both talking about the same data at the same time,” he said.
“Ninety-eight per cent of our business is in Ireland but our software is accessed from over 20 countries every day. Azure has the best security rating in Europe of all data centres. They have invested millions and millions so the price pressure on hosting has gone down.”
There are reasons to turn to full multi-cloud adoption, of course, though it can be a difficult task. And even when multiple clouds are deployed, it tends to be as part of a wider hybrid strategy that includes not only the cloud, but also on-premises IT and data centres or co-location.
Grant Caley, chief technologist at NetApp Britain and Ireland, said NetApp helps its customers navigate across the hybrid cloud. But why use multiple clouds at all? In order to meet the specific needs of the business, said Caley.
“It varies by industry and by customer,” he said.
In fact, Caley said, despite widespread adoption of the cloud, it is unlikely to wipe out traditional enterprise IT. Instead, hybrid mixed cloud and on-premises set-ups remain the norm.
“We’ll never see, in my working lifetime, the cloud being the only IT architecture; the economics just aren’t there. Many organisations will make a big push, but they can’t get there the whole way. That’s why the hybrid is so important: those legacy applications remain important,” he said.
“In certain industries, such as banking, there’s still a lot of mainframe usage, and an inability to unravel those applications that they have on-premises. Retaining control because of legacy, or because of regulation, makes sense for them.”
Like others, Caley is sceptical of the idea that 84 per cent of enterprises describe their IT infrastructure as multi-cloud.
“I come across very few [businesses] that have no cloud services [but] that statistic might just be Office 365 or some form of SaaS. Maybe their HR will be in the cloud,” he said.
“The 10 per cent that aren’t doing anything are not doing so for clear reasons: I was talking to a company that works on missile systems and they have a strategy of absolutely not using the cloud.”
Caley said that in his experience, 20 to 30 per cent of enterprises were doing mission-critical business in the cloud. Where true multi-cloud does exist it tends to be as part of a wider IT infrastructure plan that combines on-premises with public or private clouds chosen for specific business reasons.
“You either tend to see people deploying applications in one of those, or having, as we are beginning to see more, components deployed across a number of locations: ‘on-prem’, in the data centre, in the cloud,” he said.
The goal is, accordng to Caley, to see multiple layers offered as an abstraction.
“If I use an IDE [integrated development environment] out of the cloud that’s platform as a service, meaning platform as a service is a stack of capabilities. We focus on how do we make the data available to each of those layers,” he said.
“In the early days, the people that were looking to use the cloud were the people with no incumbency behind them – the start-ups, early adopters. A lot of people now are rolling into the cloud as they feel the technology is mature. The problem they then have is data management. They’ve spent 40 years building data and processes. When you go into the cloud you have to build in the layers around disaster recovery, and so on, yourself.”
This is still an area many businesses haven’t investigated, Caley added.
“A lot of companies make an assumption that it’s fully protected. It is, but it doesn’t include SLAs [service-level agreements]. You need to build those capabilities on top of the cloud surfaces to bridge that gap,” he said.
All of the providers are now making slightly different pitches, though, and this could point to a multi-cloud future.
“The services that are offered are an arms race: Azure is capturing the enterprise market due to existing relationships, Google is maybe ahead on AI and analytics, and Amazon Web Services has the breadth of services,” Caley said.
Computing without borders in a Brexit world
One of the biggest issues with cloud computing is international data transfers, particularly in light of the EU’s general data protection regulation (GDPR).
Indeed, Brexit has already caused an issue: no-one knows whether or not there will be regulatory alignment with the EU post-Brexit, but a recent statement made to the Financial Times by the British home secretary, Saijd Javid, suggests not.
“There will not be alignment, we will not be a rule taker,” said Javid.
In that event and in the absence of a data-specific deal, Britain will become a third country under the GDPR and there will be severe restrictions on the collection, storage and process of personal data relating to EU customers.
Big Red Cloud’s Marc O’Dwyer has been watching the political situation in Britain and the febrile political climate has caused him to hold off on expanding into that market.
“We’re looking to go into Britain but we put the foot on the brake when it came to Brexit,” he said.
With Britain now due to finish its exit transition period in late 2020 some clarity can be expected in the coming months.
“The problem is the uncertainly. We're definitely going to move into it, but it has to be a smart move,” said O’Dwyer. “We’re looking at Malta and Cyprus now but, in terms of Brexit, British revenue introduced a thing called ‘making tax digital’, so we updated for that.”
For Blacknight’s Michele Neylon, the big issue with Brexit is where data is stored. “Brexit has significant data flow issues,” he said.
With Britain soon to be gone from the EU there is, of course, an opportunity for Irish businesses to grab British customers, be they British businesses who want to continue to trade easily in Britain or foreign companies seeking to move their base out of Britain.
“We’re definitely seeing some business from it, but just how much is going to be hard to measure. Somebody buying a €5 hosting plan is not talking to us directly, but there’s definitely been an interest from companies that have had infrastructure in Britain and are starting to look at moving over to the EU, or have companies who had a satellite office and are looking to move more over here,” said Neylon.
“Also there are British companies who want to use Ireland to trade with the EU. In some cases it’s very clear that the driver is the Brexit situation, but in others it’s not as clear.”
Brexit should not be viewed simply as a business bonanza though, Neylon noted. Businesses need to be aware of where their data is, he said, and few are.
“A lot of small to medium-sized businesses don’t understand the legal implications of Brexit because they didn’t understand privacy in the first place and they don’t understand how data flows work – and don't understand GDPR,” he said.
"The problem with GDPR is that it’s a bit like Y2K [in that] some of the bigger and better organised companies, who have inside counsel and have always engaged around privacy, are fine. The smaller organisations were not compliant with the prior legislation to begin with,” he said.
The fear is not without precedent: since GDPR came into law a number of US-based online media outlets, including large ones such as the Chicago Tribune, have simply blocked all access from the EU.
And that was a peremptory move, as it is clear that there will be more and more enforcement actions taken by the national data protection bodies within the EU in the coming years.
Neylon himself is exasperated by the way Brexit has played out: slowly and without clarity.
“The Brexit fiasco, and it is a fiasco, the way that has played out, we’re only two weeks away from the next deadline and we still don’t know what’s going on,” said Neylon.
“If you’re an Irish company that has been using British providers for any kind of service you’re going to have serious, serious headaches. Even if you get all of the extra paperwork it will always be open to challenge [so] a cost-benefit analysis will say: ‘just keep the data in another EU country instead’ – such as Ireland.”
The likelihood of a special EU-Britain deal providing so-called ‘legal equivalency’ that would see data in Britain treated identically to within the EU is slim, he said.
“Within Britain you have some hugely intrusive legislation around privacy and Britain is a member of [the global security operation] Five Eyes. As a member of the EU a blind eye is turned to that. Leave the EU and that will change,” he said.
Data flows might sound trivial to those outside the tech sector or the legal professional but, Neylon said, what we are really speaking about is the very core of business: “We’re talking about billions of euros worth of data here.”
Data centres: a dark cloud on the horizon?
When we think of the the cloud, perhaps as a deliberate result of the term that was chosen, we think about data and perhaps computing itself, but not so much about infrastructure.
Indeed, the entire pitch of the cloud has been to forget about complex and capital intensive in-house infrastructure. But it’s not as though IT has become immaterial: that data is stored and processed somewhere, and this has brought with it concerns about climate change.
Recent reporting has also seen Ireland’s pitch as a global hub for data centres criticised as potentially damaging to the environment while bringing little in the way of employment to the country.
Michele Neylon, chief executive of Black Night Solutions, that there is a lot of truth in the fear that the cloud greedily gulps electricity. “Energy use is the issue, for both cooling and for running the actual tin,” he said.
The issue should have been scrutinised in greater detail right at the start of the country’s tech boom, he said, but it wasn’t because good news was the priority.
“Irish media covering data centres and big tech over the last 15 years has, in many respects, been quite lazy. Nobody was asking these companies difficult questions. A company would engage with the IDA, they’d set up an office in the greater Dublin area and make a statement about creating jobs,” he said.
“But we weren’t asking were they 500 in one go or 500 over 20 years. What kind of people? Are they local or will you import them? There’s a very big difference. A bio-tech company won’t find 150 people locally. They were also talking about bringing in data centres. So you create a data centre. OK. Will it create jobs? Yes, but only in the short term. You’d need a lot of people to build it, but once it’s up and running? Data centres don’t employ that many people.”
On the question of energy use itself, Neylon said that while Ireland does, for climatic reasons, make sense as a data centre location, being a soggy country doesn’t mitigate the impact of vast increases in consumption.
“The power requirements for building out data centres, even small ones, are significant. Yes the technology is getting better and, yes, you’re able to leverage the Irish climate so that you’re not having to spend as much money on cooling as you would in, say, Arizona, but the power consumption of data centres is more significant than people realise,”he said.
“We’re got a small electricity sub-station at the side of our data centre, and we need it. A lot of the recent reporting I’ve seen on data centres, it’s pretty damn accurate. Why it has suddenly improved? I don't know.”
A medical warning
One of the big areas in cloud computing today is medical records, with the sector predicted to reach a value of US$38 billion (€34 billion) by 2025. Unsurprisingly, then, companies including Google, Amazon, Microsoft and even Apple are seeking to get in on the game.
The idea is that patients will be able to share data more efficiently with medics and, perhaps more importantly, medics will put an end to dangerous confusion by sharing the records among themselves, thus avoiding delays and errors in treatment.
To this end a new standard called FHIR, short for Fast Healthcare Interoperability Resources, has been developed. Under FHIR, data elements are each given a unique identifier, meaning patients, doctors and researchers can access the information they need on any device or browser, no matter where the data is stored.
The fly in the ointment is that the sharing of medical records is precisely what people don’t want. Or at least, they want be be able to control just who has access to them.
While security in the cloud is, in theory, more secure than on-premises, that depends on the security being properly implemented and proper procedures are followed. And it also requires robust privacy legislation banning the sharing of personal data, such as the EU’s general data protection regulation (GDPR).
In January this year TechCrunch and health news website The Mighty published an investigation showing that in the US, a billion medical images had spilled out onto the public internet, thanks to doctors and insurance companies failing to properly apply security procedures.
In fact, many of these images were stored not in the cloud but in on-premises IT systems. But the fear of medical data leaking out from cloud servers is nonetheless something that the tech giants – companies not known for their concern for user privacy – will have to address in the coming years.
The business case for IT
Cloud arguably first penetrated enterprise as shadow IT, often in the form of services such as Dropbox being used in an unauthorised manner. But even when cloud received the blessing of IT departments, there was a sense that it was a gold rush rather than something aimed squarely at addressing business need.
For example, cloud’s ability to deliver scalability is much-ballyhooed, but is it relevant? Not always, said TEKenable’s Peter Rose. “Scalability is really only important for internet-facing businesses,” he said.
He also said some workloads will produce lower costs faster than others. After all, existing leasing contracts don’t disappear the minute you sign up with a cloud provider.
“Where we see paybacks much faster are when were moving development and test loads,” Rose said.
Loman McCaffrey of Logicalis said this is precisely what is happening: the pressure to move to the cloud for its own sake is dissipating, to be replaced by a more business-focused strategy.
“The thing that we’re finding is that the challenge is back on the business unit. ‘We’ve brought you the flexibility. We’ve brought you the agility. What are you going to do with it?’ That brings in finance and it brings in marketing: how can you get a product to market quickly? If you can turn something around in 24 hours, will you do it?”
Many cloud deployments, then, are focused specifically on areas where continuous development is the goal.
“It’s a question of mindset: ‘Can we, yes or no? Do we need to?’,” said McCaffrey.
Interexion’s Séamus Dunn said that a lot of IT departments and chief executives are under pressure to demonstrate a cloud strategy and that is more about the economics than the strategy: specifically, moving from capital to operating expenditure.
“It’s about showing an op-ex plan,” he said.
While this is not necessarily a strategic vision, it is also not necessarily a case of moving to the cloud for the wrong reason.
“The fact is that nobody’s building an enterprise data centre anymore. The finance guys would never allow it,” Dunn said.
“Different regions move at different speeds. I spend a lot of time talking to people in the US and that’s where you see the trends first. They moved fastest to the cloud. They may own a data centre or two, but they’re certainly not buying more.”
Dunne said that as businesses get more experience, they can then decide when the cloud is the right computing environment for them. For example, once scalability ceases to be an issue, public cloud becomes less attractive.
“Amazon Web Services would have you believe everything is moving to the cloud, [that] it will be 100 per cent there, but actually what we see is once applications are stable they‘re moving back out of the cloud,” he said.
“The benefits of being able to scale up and down aren’t as significant when you can predict usage.”