The Tantalizing Promise of Cloud: CGI Separates Fact from Fiction

If you are wondering how widespread cloud adoption is, it depends on who you ask. If you speak with Rene Sotola, vice president, global telecommunications sector at CGI (News - Alert), he will tell you cloud adoption is mainstream in consumer markets, but is more incremental in other segments.

“In commercial and government markets, it’s getting there as product vendors, system integrators (Sis) and CSPs roll out their offerings and the choices increase,” Sotola said in a recent interview with TMCnet. “The adoption rate varies in different verticals and geographies. It’s also different for public cloud versus private cloud solutions. The U.S. federal government has heavily promoted cloud adoption for federal agencies.”

In the experience of CGI, which supplies cloud solutions to both government and commercial markets, it’s a question of client comfort to adopt the cloud.

“If the client has worked with an SI or a product vendor, it provides a jump-start for a cloud discussion, as the trust is there to address the key issues and deliver on the promises made,” Sotola said. “Passing stringent security audits is often a pre-requisite for customer wins.”

In the U.S. government market, CGI became the first certified cloud provider to deliver secure cloud services under GSA’s (News - Alert) Blanket Purchase Agreement for Infrastructure as a Service (IaaS). An important lesson learned in getting certified is that information security and privacy protections must be included at every stage of the System Development Life Cycle, and from the outset, he added.

Security remains a top concerns among IT decision makers shifting or considering adoption of cloud-based services. But security is not just a worry when it comes to cloud – it effects all IT environments, Sotola pointed out.

“The security concerns are very real in both cloud and traditional environments. We’ve seen the high-profile ‘haktivist’ anonymous group most recently claiming access to 12 million Apple (News - Alert) device IDs, WikiLeaks flooding, confidential documents in the public domain, and high-ranking U.S. officials warning about the theft of confidential commercial information, often through foreign state-sponsored hacking,” he said. 

Sotola also noted that the volume of cyber attacks is skyrocketing, pointing out that even the biggest technology, energy, financial services, and even the U.S. military’s classified networks have been hacked. 

“Emails, financial information, strategic and business plans, and product designs have been successfully targeted. Cyber attack is a process more resembling an ongoing military operation rather than a singular event: there is planning, design, initiation and then the actual attack. The feedback from the initiation and the attack phases goes to the next attack design in a never-ending cycle of increased sophistication. These security concerns are very real,” Sotola said.

CGI has a security practice serving both commercial and government clients. The company’s work for the U.S. government includes delivering advanced cyber security solutions for U.S. military and intelligence clients; work that has become relevant to the commercial sector in light of increased cyber threats.

“We consider data security absolutely critical to enterprise success. A system is only as secure as its least secure component, whether it is in the cloud or not. Given the critical nature of security, commercial and government enterprises must examine the security capabilities of cloud providers very closely, as not all providers are equal,” Sotola added. “Whether cloud or non-cloud provider, two criteria are key: their level of security expertise and their staying power to maintain security in response to ever more sophisticated cyber attacks.”

While cloud brings many benefits including greater flexibility and costs savings, Sotola said, the key thing to keep in mind is that the cloud is not an aspirin to cure all IT headaches, especially if the underlying application architecture and/or business processes are weak. However, cloud solutions offer unique capabilities that wouldn’t otherwise be feasible, he said, such as using an in-house data center for stable loads and “spiking” into the cloud for peak usage scenarios. Other examples include renting CPU capacity for huge, but short-lived, projects like OCR conversion of millions of pages of text, or having a low-cost offsite failover solution. 

“As an enterprise you’ll still need to create requirements and evaluate different vendor offerings functionally, technically and commercially,” Sotola explained. “You may need to worry about additional cloud- specific items – such as data location, cloud aggregation, flexibility in provisioning different parts of the cloud at the infrastructure, platform and software as a service levels as well as different cloud commercial models, billing (the promise of the cloud is flexible usage billing) and cloud migration.”

Sotola also noted the differences between consumer and enterprise public clouds, noting that they have different service level agreements (SLAs) and different consequences of security breaches. 

“As a consumer, I probably don’t care that I use different providers and clouds for different applications, have different contact numbers for support, or have less stringent SLAs. An enterprise cares about all of these things,” he said. “They don’t want X suppliers for X enterprise applications, whether they are deployed traditionally or through the cloud. The costs would sky rocket and suppliers may point fingers. Cloud aggregation will likely become more important in time as enterprises will look for ‘one throat to choke.’”

In addition, enterprises have more “admin” requirements. For example, an enterprise using a cloud email provider may want their administrators to be able to read everyone’s email, set retention policies, deal with password resets, etc. 

“Cloud billing – defined as billing for cloud services – also is much more complex to support cloud convergence, customer hierarchies within an enterprise and charges for embedded partner products,” Sotola added. “Similar complexity exists in cloud provisioning.”

While cloud is still in the hype stage of adoption, it’s by no means a fad that will pass, Sotola said.

“In commercial and government markets it’s about addressing issues of agility, time to market, lower cost, and much more flexible business models, including usage-based pricing. The cloud gives the business user a chance to bypass their overworked IT departments and achieve their business objectives. That’s huge,” he said. “Care needs to be taken to ensure this doesn’t compromise security which we talked about in the very beginning. The tantalizing promise of cloud computing is carefree IT – honed to enterprise needs and quick to react to changing business circumstances. Not all of it is there today, but if most of these expectations are fulfilled, cloud may become second nature, similar to object-oriented programming.” 

In addition, cloud gives enterprises another business model and another way to achieve their objectives. 

“It allows clients to focus on their core business rather than IT and leverage a pre-established infrastructure, resulting in faster time to market and greater flexibility,” Sotola added. “In addition, having this ‘ready infrastructure and tools’ means clients can embrace the concept of “shared services” within their own enterprise.”

Sotola will be a speaker at the upcoming Cloud Communications Expo session, “Web 2.0 + Telco 2.0 = Voices in the Clouds,” which will be held on Oct. 2 from 2:30-3:15 p.m. at the Austin Convention Center.

“I’m looking forward to getting different perspectives, having interactive discussions and discovering new ideas,” he said.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.