It has just about become an IT mantra at this point that some things go better in the cloud. The arguments around cost, scalability, ease of access and ease of use have all been made, and remade hundreds of times. Even the issue of security appears to be slowly getting resolved. But like any other IT deployment, if cloud deployments are not planned and implemented methodically, your enterprise could be looking at serious and expensive IT problems.

Lists, Lists, We Got Lists

A good deal has been written about this and many companies will provide a troubleshooting list that potential adopters should use. Some are less thorough than others, but all aim to help enterprises jump some of the inevitable pitfalls on the way to effective cloud computing.

We’ve come across many of these lists in the past and over recent days we came across another one that we think is worth taking a look at.

It comes from Workday, which builds enterprise business services for delivery as SaaS. Workday itself has some history in this area too. It was founded by PeopleSoft founder and former CEO Dave Duffield with former PeopleSoft Vice Chairman and head of product strategy Aneel Bhusri in March, 2005 and it has been pumping out SaaS business services since.

Top 10 List

In a paper published late last year entitled 10 Critical Requirements for Cloud Applications with contributions from Stan Swete, CTO at Workday, and Steven John, Strategic Chief Information Officer at Workday, it worked out 10 points to help guide enterprises through the cloud procurement maze.

And no, all roads in this case don’t lead to Workday, but they do lead to a digestible list of things companies really do need to consider before investing. The bottom line in all cases here is that there are no shortcuts to the cloud, but there are ways of making it safer and easier.

According to Swete and John, if companies cannot demonstrate the following critical 10 requirements, they are unlikely to be able to provide full, and fully functioning, SaaS models.

1. True Multi-tenancy

Enterprises, they say, should be looking from true multi-tenancy delivery architecture. Mutli-tenancy means that a number of different users are operating off the same cloud and generally using the same versions of software.

The advantage of this is that when upgrades occur, everyone gets bumped up at the same time and cuts the often prohibitive costs of doing this. A multi-tenant SaaS provider’s resources are focused on maintaining a single, current version of the application, rather than spread out in an attempt to support multiple software versions for customers.

There is also the community element. This means that partners and customers on the same platform can share knowledge and resources, because everyone is working off the same version. Finally, applications have to be built from the ground up for multi-tenancy. Otherwise, extensive work is required of the vendor to alter the on-premises application and underlying database for multi-tenancy.

2. Regularly Vendor-Managed Updates

Cloud applications are updated several times a year, which should be managed technically and financially by the cloud vendor, enabling the client to update and deploy the upgrades at its own rate.

This approach benefits both vendor and client as the client is relieved of having to upgrade IT projects while the vendor can focus on the software without having to adopt it to every on-premises deployment. This also precludes the need for hiring expensive, specialist IT workers.

3. Integration On Demand

Cloud applications should be built from the ground up to cut costs and risks involved with integrating them with the existing on-premises and on-demand applications. Cloud vendors worth considering are those that will share the problems around integration and not leave the client on its own.

An efficient vendor will make an integration infrastructure and integration tools available to clients as well as helping those clients integrate their applications

John says that the concept of a vendor-provided integration platform will become increasingly important in differentiating cloud applications from those that don’t meet the needed requirements.

4. Business-Driven Configurability

Cloud-based software should enable business people configure processes that meet the needs of the enterprise and free your IT resources from having to implement time-consuming and costly customizations.

Business applications in the cloud should come with a number of different processes and options designed to meet the needs of the business -- after all, this is what enterprises think they are buying when they buy into the cloud.

Real SaaS solutions should not only be configurable for the company, but in different ways for different parts of a company… customers with global footprints, for example, require different hiring processes for different countries, which can be configured…without the need for customizations," John says.

5. Data Centers and Security

Data security and privacy are still the big obstacles to cloud adoption by many companies, so vendors that wish to succeed in this market will have to be able to offer assurances that they can provide this.

Vendors should be able to guarantee that processes and policies encompass physical, network, application, and data-level security, as well as full backup and disaster recovery.

Swete recommends that companies check that the systems they are considering comply with security-oriented laws and auditing programs, including Safe Harbor, ISO 27001, and SAS70 Type II.

At this point in time, it is reasonable for client to expect the same kind of security as enterprise applications, and in some cases even more so.

For example, a typical ERP application will open access to a wider group of applications and users, creating a considerable security challenge, whereas access to a cloud-based application can be seriously curtailed.

SaaS providers must take a holistic approach to security, ranging from technical safety guards such as encryption to understanding data privacy laws and compliance, and building those safety guards into every product and process,” Swete says.

It is up to the enterprise CIO to check that all these boxes are being ticked.

6. Sustainable IT Infrastructure

Cloud providers and their products should maintain a high-performance IT infrastructure, which includes data centers and databases, networks and storage systems used to run cloud application and manage customer data.

As enterprises often depend on the use of the best and best-performing technologies available to keep a competitive edge, so cloud vendors should also be able to offer the best IT operations available in the cloud.

Again multi-tenancy is a must here, as a number of customers using the same applications is far more efficient than a number of different operations using different systems.

7. TCO Models

This effectively deals with one of the biggest problems cited with all IT projects -- that problem is, of course, unexpected expenses. With a transparent total-cost-of-ownership model, all prices should be clearly outlined.

There should be no upfront investments or software license fees, and all updates should be signalled and clear. Unexpected bills go a long way to making an IY project unpopular. With a cloud deployment, however, CIOs should be able to predict the cost of a project over the future five years.

8. Faster Deployment

Organizations that go the cloud route should be able to get themselves up and running in a short space of time, as there is no installation of either software or hardware and the infrastructure is already in place.

Clearly the time and cost of going the cloud depends on how big the deployment is and for how many people. Workday says that deployment is typically in three to four months for customers with under US$1 billion in annual revenue, and five to eight months for customers with more than US$1 billion in annual revenue.

With multi-tenant, configurable cloud applications in a configurable cloud application environment, once the processes and training are in place, you turn it on.

9. Cloud Control

Another one of the big bogies with data being stored off-premises is consideration around access and compliance. Whatever vendor you are considering should be able to offer guarantees that there will be no limitations in access to your data, and that it will be possible to import, export, purge and archive data to and from the application without having to first contact the SaaS vendor.

Vendors should provide a “sandbox” version of the production environment so an organization’s project team can view and analyze data and experiment with features and configurations before going into production.

10: Liberation From IT

The ultimate goal, and one of the great promises of the cloud, is that it offered ways to free IT and CIOs from mundane day-to-day tasks that cost money and don’t add value to the business.

This will enable CIOs to concentrate on business goals rather than IT maintenance, which, in turn, should realize a lot more dollars.

As a CIO, I believe in this mantra: ‘If I’m doing things someone else could do, then things that only I can do aren’t getting done…A data center is a commodity, and a company that specializes in running a data center is going to do it better than I can. And that frees me up to do what I do best, which is to focus on strategic work and innovations and find ways to provide true business value,' ,” John says.

Successful cloud applications are those that empower CIOs by removing the roadblocks that have been part of IT departments for years, John adds.