Cloud computing is growing up. It has matured from an easy solution to a difficult on-premises IT deployments that saved a few bucks of initial capital investment and now, finally, to one of the core elements of an organizations’ IT strategy.

What's the Story?

But it has not finished with its growing pains, and in the coming years, enterprises will have to plan and develop strategies around their cloud environments if they are to reap the obvious benefits.

Driving force it may be, but enterprises still have to identify and implement their approaches to cloud computing, which confronts them with the problems of security, big data, open source and governance in the context of IT budgets that were slashed during the years of the economic crisis.

To find out what is happening in cloud computing, we asked Margaret Dawson, vice president of product marketing and cloud evangelist for HP Cloud. Here is what she identified as the major trends in cloud computing over the medium term and how she expects enterprises to deal with them.

1. Hybrid Computing

According to Dawson, the biggest practical problem that enterprises are facing at the moment is hybrid cloud computing. Hybrid solutions are currently being defined in two ways:

  1. Any two kinds of clouds together in a single IT environment. The most common situation is where you’ve got an enterprise that is working with a private cloud and elements of a public cloud. It becomes properly hybrid when you are trying to share data or applications or have a common management policy across these the two clouds.
  2. Cloud computing and traditional IT in the same enterprise. From a CIO perspective, that’s really what they mean when they are talking about hybrid cloud computing.

The problem, she said, is that most enterprises have arrived at the point where they can legitimately describe their IT environment as hybrid. If this appears to be a major step forward, the reality is somewhat different. Enterprises have developed hybrid environments, but they are not the environments they originally set out to create.

The A-Ha! moment that I have had with customers over the past few months is that while they may be there, they are not necessarily at a hybrid state that is effectively managed, or they feel that they control. In fact, I think many are beginning to become aware of the fact that there is a lot of cloud out there in their enterprise that they don’t necessarily control."

Here she is specifically talking about the development of rogue clouds or rogue applications. Rogue cloud is defined by IT security firm Symantec as business groups that offer public cloud applications which are not managed by or integrated into a company’s IT infrastructure.

The problems here are obvious. If your IT department doesn’t control what applications enterprise users are working with, they have, to a large extent, lost control of their IT environment.

What HP is working on at the moment, she said, is bringing clients around to a point where they face up to the reality of this situation and deal with the rogues.

We have managed to get to a point where IT managers are saying: I know I’ve got these rogue clouds, do I care or do I not care? What data is involved here? Is it just developers doing some pilot applications or is it an employee using some cloud collaboration app and I don’t know what information has just walked out the door?

From a HP perspective, our goal is to help enterprises manage these hybrid environments. Even organizationally we have restructured so that anything that is cloud has been pulled together in the single business use with a single sales team that is selling the cloud. We have public cloud, private cloud, and vertical cloud solutions."

2. Open Stack

There is growing interest in OpenStack cloud computing. She said more and more enterprises are responsive to this, especially in the context of creating more open IT environments.

According to OpenStack, its goal its goal is to produce an ubiquitous open source cloud computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.

Predominantly acting as an infrastructure as a service (IaaS) platform, it is free and open-source software released under the terms of the Apache License.

HP predicts that in 2014 OpenStack will take a clear lead in the open source cloud race, solidifying its position in the enterprise. Dawson says they are already working with customers that are actively pursuing this track.

What we are finding is that even the most security conscious enterprises are looking for a more open environments. While it is possible to develop this, the pain here is the interoperability and integration of core abilities, data and applications across this hybrid environment."

A lot of enterprises, she said, started in a cloud and moved to proprietary platforms, and now they are stuck. As a result of this, enterprises have all these different on-premises and cloud environments that can’t communicate with each other.

They are looking to the future. Data is going to grow, more IT is going to be in the cloud and while we will always have traditional IT, we really need to see how this is going all work together and that openness and the ability to use open API’s is a huge part of that conversation. We really need to get some open standards around API infrastructure because there is no way we are generally speaking going to do what we need to do in the cloud without this as there are too many closed ecosystems where you cannot communicate across the board."

3. Governance and IT

One of the results of the development of cloud computing is that IT departments will start pushing for more control over what happens in the enterprise from a computing perspective.

The current trend is to let the business side dominate as workers look for tools to become more productive. While IT departments are not against this, there are security and governance issues that will need to be addressed.

We are going to see IT exerting more control as they look to apply common policies around the cloud and across the enterprise, whether they have ownership of the cloud, or whether it’s in their budget or not. To be honest, I thought that this was going to happen last year because I saw so much pain around enterprises in this respect, and I think there was still some hesitation at the business side of the company who are saying that because we need to be more productive, we need to be direct what IT we have and what is to be implemented."

However, increasingly, the security implications are too significant with too many risks from outside the enterprise so IT will really start exerting its influence over governance policies and insist on the introduction of tighter security protocols. This won’t be easy, she said.

IT’s role is increasingly problematic. You have to balance agility and openness with the business needs of the enterprise and data security. Everything revolves around security — data, equity, even stock price. All of these things depend on good governance. Data and cyber threats are only going to get bigger this year and the bad guys are getting better and smarter."

4. Security

Related to this is the problem of security and the development of new cloud practices. Hackers are no longer sitting in basements and launching once off attacks. They are now large, and even corporate, and are presenting new levels of threats, especially through the cloud. This presents another set of problems for IT on top of the existing governance issues.

The questions IT managers now have to ask, and will be asking over the coming year is "How do I set up a common set of policies for choosing new cloud applications or choosing cloud centers where data will reside?"

While productivity is key, IT needs to ask itself how do we set up and implement policies that will control who will access what and when. Does this application encrypt the data while it is in motion and where will it be stored? That’s the conservation that is starting to take place now."

On top of this, governments are also considering whether they should set up more regulatory controls to improve security and whether it should try and regulate the internet a little bit more and all in the interest of security.

This is a scary one. You could have a scenario where government involves itself in cybersecurity issues, helping enterprises develop new security protocols with the government trying to work out how we can work together to protect ourselves and data privacy. But you also don’t want the government owning the internet so enterprises will have to act on this sooner rather than later."

Government concern on this is related to the ongoing development of government clouds, the development of which are already well under way with vendors like Microsoft, IBM and HP working on projects all over the world.

While these are the four main trends that are emerging in cloud computing at the moment, there are other issues that need to be looked at including big data, which Dawson says is a related, but separate issue.

There is also a change in mentality at the C-Suite level in enterprises underway at the moment that is now starting to look at cloud computing as the future, rather than a passing fad — an attitude that still lurking the hidden corners of some enterprises.

How far enterprise go in dealing with the issues outlined above is anyone’s guess, but Dawson said she is certain all four will still be major concerns at the end of the year.