Zimory White Paper: The Cloud's Slow European Take-off

CLOUD COMPUTING MARKET:

Understanding its Slow Take-Off in Europe

White Paper, May 2013

CLOUD COMPUTING MARKET

Copyright© 2013, Zimory GmbH 1

TABLE OF CONTENTS

Abstract ...................................................................................................... 2

Introduction and Problem Description ........................................................ 2

Cloud Computing Market Situation ............................................................ 3

IaaS vs. PaaS vs. SaaS: Differences in Market Perspectives ....................................... 3

Public vs. Private… and Hybrid Models ......................................................................... 5

Reasons for Slow Take Off of the Cloud Computing Market ..................... 6

1. General Market Confusion ......................................................................................... 7

2. Differences in Pricing Policies .................................................................................... 8

3. Absence of Neutral market place ............................................................................... 9

4. Lack of Technical Standardization ........................................................................... 10

5. Lock-in Policy of Larger Vendors ............................................................................. 11

6. Fears regarding Data Protection and Legal Frameworks ........................................ 12

European Union Mandate on Data Protection vs. U.S. Patriot Act ........................ 13

Differences between European Legal Frameworks ................................................ 14

7. Inability to Test Cloud Services before Buying ........................................................ 15

Overcoming Slow Take Off: Benefits of Adopting Cloud Services .......... 16

Successful Cloud deployments of IaaS ...................................................................... 16

Zimory and Successful IaaS Deployments ................................................................. 17

IaaS Cloud Brokerage model ....................................................................................... 18

Management of Connection Certificates................................................................. 20

Open Cloud Solution .................................................................................................... 21

Zimory Open Cloud Solution ................................................................................... 21

Contact Information .................................................................................. 23



ABSTRACT

This document analyses various causes for the slow take-off of the Cloud Computing

market in general, based on recent research and published articles. Proposals to

overcome the slow take-off of the market are also enumerated in the following white

paper, with particular emphasis on Infrastructure-as-a-Service.

Keywords: Cloud Computing Market, Cloud Services, Infrastructure-as-a-Service (IaaS),

Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Public Clouds, Private,

Clouds, Hybrid Clouds, Security Policies.

INTRODUCTION AND PROBLEM DESCRIPTION

The term “Cloud” is being increasingly used and analyzed in the IT market. Cloud

Services are synonymous with innovative features that clearly differ from the traditional

utility computing. Clouds are by definition flexible, dynamic, scalable and heterogeneous,

with three defined categories: Software as a Service (SaaS), Platform as a Service

(PaaS) and Infrastructure as a Service (IaaS). These qualities have proved to be very

positive for IT engineering and businesses.

Nevertheless, and because of its novelty, technical and business evolution, the Cloud

Computing market presents a certain number of obstacles for companies interested in

moving to the Cloud, especially in the early stages.

Decision makers face a sizable considerable number of challenges when considering

moving to the Cloud, especially with regards to the following obstacles:

Pricing policies

Neutral market place

Technical standardization

Lock-in policies

Data protection and security policies

Cloud security testing

This paper analyzes these challenges, offering factual, theoretical and practical reasons

for the slow take-off of the Cloud Computing market. It also analyzes possible instances

to overcome these difficulties, describing Zimory's position and practical solutions to

address these market obstacles.



CLOUD COMPUTING MARKET SITUATION

The following section compares Cloud Services and models from various market

parameters. This comparison will be the basis for analyzing reasons of the slow take-off

of the Cloud Computing market in Europe.

IAAS VS. PAAS VS. SAAS: DIFFERENCES IN MARKET PERSPECTIVES

The Cloud Computing market is categorized into three service types. The following table,

based on a study by Jeff Caruso for Network World1, compares the differences between

these categories regarding market dynamics.

Speed of Adoption

IaaS: Small and mid-size companies are adopting Cloud Services more easily and with

more enthusiasm than large companies, who are a bit more reluctant and still

in a “test phase”.

PaaS: Somewhere between SaaS and IaaS. Being developer-oriented, speed of

adoption for this specific target audience is predicted to rise in the short-term.

SaaS: Might be considered as the most abstract option of the three Cloud Service

categories, which lately has obstructed speed of adoption in the market. Highest

percentage of usage in the market. May actually become so overused that

will lose its “Cloud quality”.

Customer/User

IaaS: Customers maintain control of their software environment. No equipment.

IaaS vendors provide VMs.

PaaS: Developers build applications and use provided APIs and tools to hook them into

the provider's environment and run them there.

SaaS: Customers control very little of what happens inside the Cloud.

1 Network World, Inc. IaaS vs. PaaS vs. SaaS. Jeff Caruso. November, 2011.

http://www.networkworld.com/news/2011/102511-tech-argument-iaas-paas-saas-252357.html. Consulted on: 1st June 2012.

http://www.networkworld.com/news/2011/102511-tech-argument-iaas-paas-saas-252357.html



Management of software environment

IaaS: Virtualization enters and plays a crucial role in customers' software

environment management

PaaS: Interaction between developer and provider environments

SaaS: Hold and manage control of the environment used by customers.

Providers

IaaS: There are many 'IaaS' providers that do not offer true Cloud IaaS.

Providers make efforts to avoid customers from lock in.

PaaS: Developers tools to create applications to the platform. Manage the hooking and

running of these applications on their own environment.

SaaS: Providers make most important resource decisions.

Service Principles

IaaS: Openness, portability, ability to get easily out of the Cloud.

PaaS: Targeting a very specific market. Not a finished and concrete product compared to

the other two Cloud Service categories

SaaS: Reduction of costs sacrificing customer control.

The list clearly shows that in speed of adoption, qualities such as customer control,

openness, portability and virtualization are the basis for IaaS increasing adoption rates. In

addition to, and regardless of the usage facilities and evident “popularity”, SaaS, by

comparison, continues to be more abstract, mainly because its many different layers

have yet to be explicitly defined, at least from a customer point of view. Finally, PaaS is

the middle-ground between facility without customer control of SaaS on one hand, and

complexity and broadness with customer management of IaaS on the other.

Nevertheless, Louis Columbus in Predicting Cloud Computing Adoption Rates2, presents

data of SaaS as leading indicator regarding Cloud adoption rates. Columbus quotes a

Forrester survey affirming that SaaS will present the highest Cloud adoption rate, growing

up to 50% in 2012. SaaS “popularity” and growth affect positively IaaS and PaaS

adoption rates as well, effectively clearing doubts and confusions about Cloud Services.

2 A Passion for Research Blog. Predicting Cloud Adoption Rates. Louis Columbus. July, 2011.



PUBLIC VS. PRIVATE… AND HYBRID MODELS

It is often a confusing task for customers to clearly identify which Cloud Service model is

best suited to their needs. The increasing availability of choices such as dedicated

equipment and isolation tends to blur differences between Cloud Service models.

Articles such as Private Cloud vs. Public Cloud vs. Hybrid Cloud10

and Gartner's

Evaluating Infrastructure as a Service3 review the technical considerations when

choosing a Cloud model, these include:

Applications and data to be moved to the Cloud.

Applicable regulations and legal frameworks to the company and the provider.

Geographic locations of the company and the provider.

Required Service Levels and Service Level Agreements to be established

with providers.

Usage patterns for workloads.

Integration implications between applications and enterprise functions.

The following List4 illustrates the most important differences between Cloud models, in

relation to the target market and usage parameters:

Target Companies

Public Clouds: Better adapted for companies that need to move their data dynamically

without having to comply with strong regulations for business.

Private Clouds: Better adapted for companies that need to comply with strong security

regulations (e.g. pharmaceutical, medical, governmental).

SaaS:

A composition of at least two or more Clouds (private, community or public)

offering the benefits of multiple deployment models.

The customer provides and manages some resources in-house and has

others provided externally

Gartner predicts it to be the most commonly used Cloud model.

It requires both on-premises resources and off-site server based

Cloud infrastructure.

3 Gartner, Inc. Evaluating Cloud Infrastructure as a Service. Lydia Leong . March, 2011.

4 Based on: Gartner, Inc. Design your Private Cloud with Hybrid in mind. Thomas J. Bittman. February, 2012.



Responsibility

Public Clouds: Providers have the biggest responsibility regarding control and

management of resources and data.

Private Clouds: Customers/ end users are responsible for directly controlling and

managing data. Providers also participate in management if required.

Number of Users

Public Clouds: Any number of users.

Private Clouds: Single user/ entity (a company, for example)

Implementation

Public Clouds: Shared implementations.

Private Clouds: Unshared implementations.

Provider

Public Clouds: External Service provider.

Private Clouds: On premises or off-premises.

The choice of Cloud model will depend on customer needs and the reasons

for Cloud adoption.

REASONS FOR SLOW TAKE OFF OF THE CLOUD COMPUTING MARKET

The following section outlines both theoretical and practical approaches for Cloud

adoption in order to understand the slow take-off of the Cloud Computing market.

The causes analyzed include:

1. General market confusion.

2. Differences in pricing policies.

3. Absence of neutral market place.

4. Lack of technical standardization.

5. Lock-in policy of larger providers and vendors.

6. Inability to test Cloud Services before buying.

7. Fears regarding data protection.



1. GENERAL MARKET CONFUSION

The continual evolution of the Cloud Computing Services and market is more than

evident for the IT world. While evolution implies many positive changes and adaptations,

it also carries a certain confusion and uncertainty, and the Cloud Computing market

certainly reflects this definition.

The complexity and the broadness of the market can lead customers to have a blurred

outlook on the market and consequently by making uninformed decisions, it can take

them away from the expected results. There are still important doubts about basic

differences between Cloud solutions, data protection, testing and pricing policies.

Evidently, Cloud Computing is today more than a trending topic in all media, regardless of

the target audience. Many Cloud Computing providers have taken advantage of this

popularity to create what has been defined as a “Cloudwashing”5 strategy, categorizing

their offerings with the “Cloud” quality, even if they are not truly Cloud Computing

Services.

The “Cloud-washing” phenomenon and the complexity among other reasons leave

customers with doubts and apprehension when facing the decision of Cloud adoption.

The National Institute of Standards and Technology (NIST) of the United States

Department of Commerce created a Cloud Computing Roadmap stating that “a neutral

common understanding and model is needed by customers in order to clearly and

consistently understand how Cloud Services compare (i.e., apples to apples.)”6 Cloud

Computing solutions available in the market are multiple and diverse, which is a great

advantage for adaptability and flexibility. They add, however, complexity to the Cloud

adoption decision making. Customers need to better understand their organizational

needs in order to find the right Cloud solution. Furthermore, since this is an evolving

market, much effort and research is yet to be done to achieve technical and market

standardization and neutrality.

Providers are obliged to focus their efforts on accurately documenting information about

their Cloud Computing services, and making this documentation more accessible to the

market. In the European, and more specifically in the German market, an important

percentage of the available information focuses mainly on the potential risks of Cloud

adoption, which is obviously a positive aspect of Cloud Services documentation. It is

fundamental, however, to also generate documentation regarding the evident and

enormous saving potentials of Cloud adoption, such as improved time management,

avoidance of financial damages, as well as environmental issues. Exhaustive

documentation of both risks and the many benefits of Cloud Services will allow clients to

make a completely informed decision about Cloud adoption, and will contribute to a

5 Gartner, Inc. Pricing and Buyer's Guide for Web Hosting and Cloud Infrastructure, 2012. Lydia Leong. March,

2012

6 National Institute of Standards and Technology (NIST)-United States Department of Commerce. US

Government Cloud Computing Technology Roadmap Volume I Release 1.0. Lee Badger, David Bernstein, obert Bohn, Frederic de Vaulx, Mike Hogan, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred Whiteside and Dawn Leaf . November 2011.



positive evolution of the Cloud Computing market, especially in early stages, eliminating

the current general confusion.

2. DIFFERENCES IN PRICING POLICIES

Differences in pricing policies is one reason for the slow take-off and confusion in the

Cloud Computing market. There are often traditional, conservative and inflexible pricing

policies that go against the basic Cloud principles of adaptability, flexibility and scalability.

Customers that make an uninformed Cloud adoption decision, choose the “cheapest” or

“simplest” offer in the market, without even analyzing whether or not it suits their long

term needs. Bad decisions obviously lead to great frustrations, constituting a bad

precedent for the Cloud Computing market in general.

According to Gartner's Pricing and Buyer's Guide for Web Hosting and Cloud

Infrastructure, most pricing models include everything, with an “all in” policy. However,

some providers can for example, supply itemize pricing, making customers pay for

resources separately from management costs.

Prices also vary enormously depending on the capacity of VM storage, and RAM as well

as CPU speed and network bandwidth. The compute capacity is a variable that is yet to

be clearly defined among providers.

All of these ambiguities leave no doubt: Customers must choose providers with clear

product technical specifications of their services and solutions. All of these

requirements will guarantee an informed Cloud adoption decision and consequently

customer satisfaction.

NIST's Cloud Computing Roadmap states that the Cloud Computing industry needs to

clearly and consistently categorize Cloud Computing services regarding interoperability

and portability guidance and technology.

According to a 451 Group research regarding the State of European Cloud Provider

Market, “few providers offer a true pay-as-you-go service.”7 Many customers see the

pay-as-you-use service as one of the most attractive qualities when considering moving

to the Cloud. However, they should look for Cloud Service providers that offer clear

standards for the pay-as-you-go service.

The 451 research also states that there is a “large variance in what service providers will

document as a performance standard and/or commit to under a Service Level

Agreement. Whether comparing IaaS, PaaS or SaaS, the level of technical commitments

offered or SLAs provided can vary considerably from one provider to the next.”7 Cloud

Service providers are obliged to establish clear and public SLAs based on different

qualities and levels of service, as a basic condition in order to create a neutral contract.

7 The 451 Research: Hosting. State of the European Cloud Provider Market. February 2012.



3. ABSENCE OF NEUTRAL MARKET PLACE

The arrival and evolution of Cloud Computing has been revolutionary, especially with

regards to competition in the marketplace. There is no doubt that Cloud Computing

represents an enormous milestone for IT engineering. There are, however, many

elements to be improved in the Cloud Computing evolution process in order for it to

continue to be as positive as it has been so far.

One of these elements is the absence of a neutral marketplace and the consequent

appearance of market monopolies.

The Journal of Issues in Informing Science and Information Technology in the article

“Should the Cloud be Regulated?”8 addresses this problem stating that the “massive

move to the Cloud and the promise of reduction of costs through the economies of scale

raise the problem of the creation of monopolies.” Sources for these monopolies are listed

as being the following:

Resource scarcity: great difference of resources between big

companies and SMEs.

High entry barriers: related to evident economies of scale. Big companies,

obviously being a clear market minority, make great investments in resources

and infrastructure, leaving smaller market players handicapped.

Control of the platform for Cloud Computing construction: Complete management

of access and control.

Clearly, the rise of market monopolies in Cloud Computing directly leads to the reduction

of Cloud Service providers, which is counterproductive to the markets positive evolution

and growth. It would also leave customers with fewer choices to suit their needs.

“Net Neutrality” defenders claim that a larger companies' main objective is to establish a

market monopoly of Cloud Computing services. “Hence, it is said, direct controls are

necessary to ensure satisfactory performance: Control over profits, specific rates, quality

of service, extensions and abandonments of service and plant, even permission whether

to enter the business at all.”8

The market requires clear, standard and neutral regulations to guard and balance its

openness, where all market players are treated as equals, in order to ensure provider

diversity and the positive technical and market innovation of Cloud Computing services.

8 The Journal of Issues in Informing Science and Information Technology. Volume 8. Should the Cloud be

Regulated? Abbas Strømmen-Bakhtiar , Amir R. Razavi . 2011.



4. LACK OF TECHNICAL STANDARDIZATION

Cloud Computing is a relatively new market for IT engineering and IT businesses. At this

point, it is impossible to generalize about providers' implementation and quality

approaches.

Since the Cloud Computing market continues to evolve, there is an evident gap regarding

best-practice policies and the establishment of technical standards. This lack of

standards slows the take-off of the market as it leads to customer apprehensions and

insecurities when considering Cloud adoption.

The powerful market leaders that embrace quality and adaptability are yet to be

established. Those who manage to offer solutions with transparent technical standards,

interoperability and compatibility seem to win the battle in the long-term over the big

historical names in the IT market. Customers' interest and knowledge in Cloud Computing

is clearly increasing and will lead them to demand for more technical compatibility and

interoperability, as well as for well-defined technical standards.

Clear technical specifications will be the basis for establishing Service Level Agreements

(SLAs). SLAs are the core of a fair relationship and contract between Cloud Computing

customers and providers.

NIST's analysis of the Cloud Computing Roadmap states that the Cloud Computing

industry needs to “develop and adopt consistent technical specifications, of high quality

and completeness, to enable the creation and practical evaluation of SLAs between

customers and Cloud providers (interoperability, portability, and security guidance and

technology)”8. Otherwise, Cloud Computing market difficulties in the early stages will

remain or even increase while customers are unable to objectively compare between

providers' offerings. NIST analysis found that comparison variables are still blurry and

differ considerably regarding the following aspects:

Agreement terms.

Technology basis and performance: Supported hypervisors, functional

specifications, network interfaces, scalability, dynamic elastic allocation of

resources, tenant isolation, customer and support services, etc.

Time measurements.

Guarantee and data security policies.

These are basic elements for the establishment of any secure and fair contract between

two parties, especially in the IT business.

Finally, the NIST strongly recommends providers to establish clear, standard and

consistent categories of Cloud Services in order to develop an architectural reference

where category and technological interoperability and portability must take place.

Clear game rules will provide the market with the reliability and security needed for it to

have a more fluent take-off and development, promoting a safe and sane environment for

investment in technological and business innovations.



5. LOCK-IN POLICY OF LARGER VENDORS

The rise of Cloud Computing services seems to put the long discussed issue of vendor

lock-in back on the table. The presence of lock-in policies is closely related to the

absence of a neutral marketplace, since large vendors are interested and even invest in

creating a certain customer “dependency” on their product environment, which leads to a

closed market monopoly. This is opposite to the Cloud principles of interoperability and

compatibility.

Some of the large Cloud Services vendors tend to use this “customer dependency” as a

selling strategy, making their products inoperable and incompatible with products from

competing businesses, which obliges customers to rely on them for product

maintainability and update.

Vendor lock-in policies certainly go against the most basic Cloud principles: To buy or

install a web-based service, with no physical software or hardware to be to maintained

and upgraded strictly by the vendor who will obviously charge customers for these

services as well.

On the other hand, Cloud SMEs, such as Zimory, are making great efforts to fight against

lock-in policies that benefit only a few. If customers are to truly achieve their Cloud goals,

they need to consider moving away from this economic and technical monopoly of the big

market names. These efforts are demonstrated by Zimory with products that offer high-

quality, flexible service capability while still increasing efficiency. The software maintains

openness and independence, connecting various virtualization technologies into one

Cloud, and allowing flexible movement between private and public Clouds.

Diversity and interoperability allows market players to invest in relevant innovations rather

than in maintaining or updating systems.



6. FEARS REGARDING DATA PROTECTION AND LEGAL FRAMEWORKS

Cloud adoption implies data interaction between customers and Cloud Service providers.

These functional and operational characteristics of Cloud Services put data protection

and security issues as one of the priorities to be analyzed when considering Cloud

adoption. Even though sources such as Network World state that “security issues have

dropped in importance”9 comparing the market situation to a few years ago (an evidence

of the positive evolution of customers' confidence in Cloud Services advantages), data

protection and security issues are still one of the most important concerns preventing

some customers from Cloud, and it is a subject matter that implies many perspectives.

Cloud solutions imply dynamic interactions, which, from the customer's point of view,

might seem difficult to control with conventional IT security standards. Cloud Computing

security is in reality not isolated from the standard IT security, data protection policies and

regulations. Nevertheless, the architectural design, potential scaling, reliance on

networking, multi-tenancy and shared resource qualities of the Cloud Computing service

architecture lead to the necessity of reviewing current security control policies. This re-

examination of current policies would provide the market with reliability and transparency

for a more fluent market start.

As affirmed in the NIST Cloud Computing Roadmap, “security concerns need to be

documented, understood, and addressed to a degree that security in a Cloud is clearly

understood and managed.”6 Customers need to be assured by Cloud Service providers

with clear and consistent information regarding data security policies and regulations in

order to facilitate the mainstream adoption of Cloud Services.

Gartner10

recommends that decision makers should analyze data protection and security

implications before moving to the Cloud, by considering the following:

Regulations of the country where the data is stored, where the company is

located and where the Cloud Service provider is located.

Awareness of who controls and regulates data. Customers using services of a

US company are exposed to the Patriot Act, for example. Specific regulations

such as the US Patriot Act are outlined below.

Transparency as a work principle should form a basis for Cloud Computing

companies and customers.

Players in the Cloud Computing market must be aware of the applicable regulation to

their business. Cloud Service vendors must make security issues as one of the

fundamental elements, if not the most important, to be documented and explained to

customers before moving to the Cloud.

9 Network World, Inc. Private Cloud vs. public Cloud vs. hybrid Cloud. Nancy Gohring. November, 2011.

http://www.networkworld.com/news/2011/102411-tech-argument-private-public-hybrid- Cloud-252337.html?page=1. Consulted on: 1st June 2012.

10 Gartner, Inc. Predicts 2012: Cloud Computing Is Becoming a Reality. David Mitchell Smith, Yefim V. Natis,

Gregor Petri, Thomas J. Bittman, Eric Knipp, Paolo Malinverno, Joseph Feiman Lydia Leong . December, 2011.

http://www.networkworld.com/news/2011/102411-tech-argument-private-public-hybrid-cloud-252337.html?page=1

http://www.networkworld.com/news/2011/102411-tech-argument-private-public-hybrid-cloud-252337.html?page=1



In order to provide a more concrete outlook of regulations impacting the Cloud Computing

market, the following table11

has been presented to describe the US Patriot Act and the

European Mandate on Data Protection, which will form the basis of an analyzed

comparison opposing these two legal frameworks:

EUROPEAN MANDATE ON DATA PROTECTION

US PATRIOT ACT

Defined legal framework with criminal sanction for anyone breaking the EU data protection regulations.

Submission of US companies and their foreign affiliates to be submitted

to US regulations, regardless of their location.

Prohibition to access or share EU citizens' personal data.

Possibility of accessing personal data if companies or individuals are

suspected to have terrorist implications

Required notification of data release (or sharing with third parties).

Direct prohibition of sharing data controlled by US companies with third-

parties

European Union Mandate on Data Protection vs. U.S. Patriot Act

When comparing these two laws, it becomes evident that security is an issue to be

handled with extreme care with both customers and providers. Both of them need to be

fully aware of applicable regulation to their businesses. These regulations have proven to

be contradictory to each other. This is an obstacle for the Cloud Computing market to

progress and evolve, with complexity that affects both Cloud adoption decisions and

Cloud usage.

At first, American regulations appeared to be more flexible than European laws, mainly

because of the multiplicity of countries and cultural differences; until the appearance of

the U.S. Patriot Act. This law complicates in general all market dynamics and interactions,

especially those pertaining to data protection and security. It is a law with many blurry

regulations, which still causes significant controversy about its implications for business

and even personal privacy.

The U.S. Patriot Act is also in direct contradiction to the European Union Data Protection

mandate because it obliges, for example, American companies managing data in Europe

to comply with both European and American regulations. European laws strictly protect

access or sharing of European citizens' personal data, precisely demanding notification

when this data is shared with third-parties. On the other hand, as stated in the article:

11 Based on: © Informa. Can European Firms Use U.S. Clouds to Store Data? January, 2012.

http://informa1.ie/newsstory/Can_European_Firms_Legally_Use_U.S._ Clouds_To_Store_Data. Consulted on 31th May 2012.

http://informa.ie/newsstory/Can_European_Firms_Legally_Use_U.S._Clouds_To_Store_Data



Can European Firms Use U.S. Clouds to Store Data?, “the U.S. Patriot Act requires U.S.

Companies (and their foreign subsidiaries) to comply with U.S. Government data

requests regardless of location, provided that data is under the control of a U.S.

Company (…) such data sharing is not allowed to be revealed to a third party.”11

Evidently, this conflicts with the European mandates strict demands of data sharing

notification.

Confusion and ignorance that result from these contradictions turn fear about data

protection and legal frameworks into an argument for not moving into the Cloud.

However, it is important to note that this is not a problem limited to the Cloud Computing

market, but also to traditional data centers.

Differences between European Legal Frameworks

European boarders were never an obstacle for business dynamics and interaction.

However, as described in this paper, the apparent market confusion in the evolving Cloud

Computing market could be one of the reasons for the slow market adoption. In Predicts

2012: Cloud Computing Is Becoming a Reality; Gartner affirms that European diversity

“will make Cloud adoption considerably slower. How slow will depend on how strict

national regulation and data privacy issues are in a specific country, and how pressing

the business requirement of reaping the benefits of Cloud Computing will be”10

Gartner

also acknowledges Europe's IT literacy and maturity, qualities that will support the Cloud

adoption process in the European market.

An article published by the New York Times explains the implications of a panel, known

as the Article 29 Working Party, providing recommendations on Cloud Service

regulations. Recommendations will be published in a report that will also emphasize

advantages of Cloud adoption to, among other goals, support IT market innovation and

efficiency.

Recommendations are hoped to support also Cloud Service providers to “improve their

image” in Europe by clarifying confusions and reducing fear about data security and

protection, which will all result in encouraging Cloud adoption.

Article 29 Working Party's recommendations for Cloud Service providers might include:

Informing clients exactly where their data is being physically stored at any time.

Deleting all personal data in Cloud computing centers when retaining the data is

no longer necessary.

Disclosing to clients the subcontractors they plan to use to process data.

Although these recommendations are obviously not mandatory, they are likely to

become a clear guidance for the 27 countries of the European Union, which will

considerably reduce the existing gap between the American and the European Cloud

Computing markets.

On the other hand, in a 451 Group analysis it is stated that European companies are

“taking a practical approach when it comes to data. It’s widely acknowledged that

enterprises in Europe want to keep their data in the country and ideally close to the

organization.”7 A simple answer can be the departure point of finding a solution to



contradictory and unclear regulations. Zimory responds to this practical approach since

its enterprise-grade technology provides secure data and application processing in

Clouds, keeping the data in the country. The Zimory Cloud Suite matches the levels of

security, quality, reliability, availability and continuity found in their internal data centers.

7. INABILITY TO TEST CLOUD SERVICES BEFORE BUYING

For customers, being able to test products for themselves before buying is an important

requirement. It is especially important for customers to perform security testing on Cloud

Services, since Clouds might be a sensible target for hackers. However, conditions and

conventions are still unavailable for customers to test Cloud Services for themselves

before moving to the Cloud.

Vendors rely on third-party and independent testing entities to verify the well-functioning

and packaging of their products. On the other hand, Gartner points out that Clouds are

“providers' most valuable property”10

, which makes them reluctant to allow access to

potential customers, only for testing purposes. These circumstances present further

evidence for the slow take-off of the Cloud Computing market.

To improve this situation in the short-term, it is integral for Cloud vendor's quality systems

to support and complete security testing, making it available for customers before Cloud

adoption. This is visibly one of the most awaited improvements in Cloud Computing

evolution, since it might be able to answer questions regarding data security and

protection issues; a breaking point for improving the slow take-off of Cloud Computing

market.

Zimory solutions are submitted to a high-level quality assurance process meeting security

and quality standards. Technical security measures implemented, as well as other

aspects of Zimory solutions will be treated in detail in the following section of this paper.



OVERCOMING SLOW TAKE OFF: BENEFITS OF ADOPTING CLOUD SERVICES

Having analyzed the main reasons for the slow take-off of the Cloud Computing market,

the following section presents concrete solutions to overcome market difficulties in the

early stages of Cloud adoption. Zimory solutions will be presented as an example to the

real feasibility of overcoming these obstacles.

SUCCESSFUL CLOUD DEPLOYMENTS OF IAAS

Success in Infrastructure as a Service is a clear indicator that Cloud Services vendors are

focusing their efforts on improving the quality of Cloud Services to overcome market

discussed challenges, which will support the increase in Cloud adoption. Furthermore,

and as an example of how the Cloud Market is overcoming the slow take-off, IaaS is

being used for multiple purposes, increasing exposure and successful use of Cloud

Services in multiple contexts such as:

R&D projects and load testing.

Building and deploying Web- based applications.

Moving non-critical and data with no regulation monitoring from expensive data

resources.

Acting more quickly on IT opportunities without having to wait on IT resources.

Underlying infrastructure for SaaS and PaaS.

In addition and despite its slow take-off, the article Overcoming the Challenges of Cloud

Reality12

published by Spirent, the following successful provider use cases for IaaS

Clouds were identified:

Increased efficiency during a specific contract flow.

Lowered costs and savings by consolidating servers through virtualization: When

physical severs are under-utilized to the 10-15% average, virtualization allows

them to be used to 40 -50% utilization rate and even up to 75%.

Increased elasticity and speed of access through the pooling of resources and

leveraging automation, allowing to add aspects such as on-demand self-service.

Supported application awareness and dynamic resource optimization.

Programmatic control over resources, allowing to manage resources and

configurations as needed.

12 Spirent®. Overcoming the Challenges of Cloud Reality. May 2011.

http://www.spirent.com/~/media/White%20Papers/Broadband/PAB/Overcoming_the_Challenges_of_ Cloud_Reality.ashx- Consulted on May 31st 2012.

http://www.spirent.com/~/media/White%20Papers/Broadband/PAB/Overcoming_the_Challenges_of_Cloud_Reality.ashx-

http://www.spirent.com/~/media/White%20Papers/Broadband/PAB/Overcoming_the_Challenges_of_Cloud_Reality.ashx-



Successful IaaS deployments prove the many advantages of Cloud adoption, leaving

behind the mentioned skepticism regarding data security and the confusion about general

characteristics of the Cloud. Zimory is a good example of successful IaaS deployments,

which will be presented in detail in the following section.

ZIMORY AND SUCCESSFUL IAAS DEPLOYMENTS

Zimory Cloud solutions, zimory®connect and zimory®manage are an important

example of successful IaaS deployments. zimory®connect enables for example, the

scheduled deployment of resources, allowing users to make unused hosts available for

only the time needed. Zimory software is designed to support fast performance activation

and deployment. Pre-configuration, templates and best practice design decreases the

deployment time for virtual machines substantially to some seconds rather than minutes.

Furthermore, Zimory manages for Deutsche Telekom public Cloud Services for large

companies. High security standards are especially required for virtual private Clouds

working inside public Clouds; this service management becomes a challenge regarding

security issues on software management for public Cloud services offered inside the high

security networks of telecommunication companies. When providing these solutions,

Zimory has successfully demonstrated its ability to meet the challenges of the thorough

security requirements of carrier-grade IaaS management software. One of the main

reasons for this success is that Zimory’s offerings in IaaS management software13

implement a modular architecture based on SOA design patterns14

, which offers the

following advantages with regard to security requirements:

Database isolation

No single point of failure

Enterprise application server (JBoss).

Encrypted inter-system communication authenticated with certificates.

Clear separation of authentication process from authorization and encryption

which take place separately.

Widespread use of one-way hash functions for passwords

and secure information.

Taking into account external security:

Isolated components, realm concepts.

External LDAP to provide authentication and system authorization.

External CMDB.

Gateway component to protect host machines.

Management infrastructure is protected from VMs.

13 Zimory GmbH, Virtualization Security. Peter Caron. May 2012.

14 Schneider Bruce, Cryptography Engineering: Design Principles and Practical Applications, 2nd Edition. Wiley

Publishing, 2010.



Moreover, governmental customers tend to be conservative and cautious with rigid IT

requirements when it comes to security issues. As an example of the quality of Zimory's

guarantees of system security listed above, Zimory is building the government Cloud for

the Austrian government data center-BRZ, overcoming challenges and increasing

flexibility and reducing CAPEX and OPEX without compromising security standards.

Through these Cloud Services, Zimory demonstrates once more that an independent and

high secure management infrastructure is of key importance to enforce and support

Cloud datacenters with high security standards and policies.

IAAS CLOUD BROKERAGE MODEL

Innovation is a fundamental factor in overcoming the slow take-off of the Cloud

Computing market. It will also contribute to its evolution. The IaaS Cloud Brokerage

business model introduces dynamics to Cloud Service use cases. It will allow three or

more independent parties (providers, traders and buyers) to do business together (buying

and selling products), reducing procurement procedures and verifying closely at the same

time the pre-established trading criteria. All interactions and processes are supported by

the flexibility of Cloud spot-pricing in IaaS Cloud Exchange. IaaS Cloud Services provide

complete management and governance, generating analytics of context and interactions,

all of which complies with security standards. The IaaS Cloud Brokerage model is an

innovative service that confirms the evolution of the Cloud market and how Cloud Service

providers' efforts to innovate their services complying with high security standards.

To better understand the IaaS Brokerage model and to show how it contributes to

overcome the slow take-off of the Cloud Computing market, Gartner published a report

called Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud

Services Delivery15

, where it identifies six main differences between Cloud Services

Brokerage and standard Cloud Services:

1. Buyers can be different: Buyers can have different ranges, from individuals and

SMBs to large businesses.

Cloud Brokerage cannot modify the actual service implementation or own the technology:

Possibility of integrating or customizing one or multiple Cloud Services.

2. Technology used for integration, customization and management can be different

as can the integration scenarios: Multi-tenancy of shared environments for Cloud

Brokerage technologies for integration and governance.

3. Contract managed differently: Integration of services where the only guarantee of

performance or availability is through the established SLA agreed on in the

customer contract or the brokerage agreement.

4. Channel for Cloud Brokerage may be widely different than those established for

traditional system integrators.

15 Gartner, Inc. Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services

Delivery . Tiffani Bova, Daryl C. Plummer. May 2012



5. New Cloud specialists: New Cloud Brokerage specialists coming from other

businesses different from the traditional IT services world, presenting different

marketing messages, different technical and business-related skills, new value

propositions and well- established partner ecosystems dominated by third-party

Cloud-native IT providers.

The IaaS Cloud Brokerage model is based on requirements from the consumer and the

seller which requires independence, demanding compliance with high security standards

for offering and buying of resources, they offer open and complete APIs, which negates

the vendor lock-in, one of the reasons for the slow take-off of the Cloud Computing

market. The IaaS Cloud Brokerage is a prove of how the reasons for the slow take-off of

the Cloud Computing market can be managed and solved. The answer? Innovative and

high-quality software.

The Zimory Cloud Brokerage model responds to the challenges and requirements of the

market described above, based on the Zimory Cloud product technology. The following

image provides a general view of the Zimory Cloud Brokerage solution.

Figure: Components of Zimory Cloud Stack in the Cloud Exchange setup

With the actual buying and selling mechanisms being executed in an external Cloud

Exchange module, the Zimory Cloud Suite has the role of settlement. The buying and

selling can be done in various ways from long-term contracting to a short term stock

exchange model. All of which results in the market required flexibility and adaptability of

Cloud Services.



Every seller on the Cloud Exchange requires at least a single instance of

zimory®connect in each of the datacenters, as a local management hub. This will allow

the Seller to offer services to the marketplace.

In addition, every Consumer in the Cloud Exchange requires at least one

zimory®manage, the entry point for the Consumer and the end-user and provides the

Cloud API. Consumers can use the portal to resell Cloud capacity to end customers, or

use the internal capacity pool for another purpose such as serving their internal Cloud.

The connection between instances is controlled by the Cloud Exchange system. The

Cloud Exchange system outputs certificates that control connection. Therefore, the Cloud

Exchange is able to control the delivery mechanism on-demand and review the

settlement status of transactions.

All Consumer functions are compiled in the zimory®manage component, whereas the

Sellers functional requirements are reflected in the zimory®connect module. Both

modules are also interconnected using an open API, which enables both parties to buy

and sell, without being locked into the technology. This solves, as mentioned above, one

of the main reasons for the slow take-off of the Cloud Computing market.

Management of Connection Certificates

As discussed before, security is one of the main concerns when considering Cloud

adoption. Innovative solutions such as the Cloud Brokerage model, must respond to the

market security demands. In order to do this, the Cloud Exchange requires connection

control between the zimory®connect and the zimory®manage modules. In order to do

this, the Cloud Exchange module – where the trading takes place, delivers the following

information on contracts between partners:

1. Contract parties.

2. Contract volume.

3. Contract time.

With this information, the Zimory platform generates connection certificates that enable a

temporary connection between a specific zimory®connect and a zimory®manage.

The certificates will be generated by the Cloud Exchange module and automatically

pulled by the zimory®manage and zimory®connect instances.

Based on this certificate, the Consumer can utilize the resources and also monitor

consumption of end-users. It can also decouple end-user pricing that suits their business

models.

In conclusion, the importance of Zimory Cloud Brokerage lies in the fact that companies

with multiple datacenters are able to use these solutions to broker various services in

different locations, or to build and support community Clouds, complying with high

technical quality and security standards; to provide general examples a car manufacturer

building can, for example, a Cloud Brokerage Service for their dealer network, airlines

building a Cloud for their agency network, etc.



This variety of use cases along with the high quality technology and security standards

confirm that the slow take-off of the Cloud Computing market can be managed and

overcome by responding to the market specific demands on main aspects such as

security, flexibility, neutrality, technical standardization, etc. with innovative solutions that

comply with these standards and offer many advantages to businesses.

OPEN CLOUD SOLUTION

Well-developed open Cloud solutions are a powerful tool to speed up the adoption of

Cloud Services, since open Cloud solutions are based on the following principles:

Interoperability

Elasticity, efficiency

Open standard formats and interfaces

No customer lock-in

Zimory Open Cloud Solution

Zimory's new, open Cloud business solution is representative of how an open Cloud

solution can contribute to the evolution of the Cloud Computing market. Offering

European customers improved interoperability and reduced costs fully compliant with the

EU mandate on Data Protection. Zimory Cloud Suite offers user, consumption and

metadata of a service, available in an open standard interface. This provides full

transparency and monitoring of user consumption and data, enabling organizations to

manage costs more efficiently.

Using proven open source technologies as a basic framework, Zimory Cloud Suite offers

a new capacity management tool and monitoring facility capable of fine grained analysis

of usage patterns in large Clouds for extended periods of time. In essence, it allows

technical administrators to run heterogeneous, geographically distributed Clouds

efficiently, whilst still maintaining guaranteed SLAs. All of these characteristics along with

the “made in Germany” quality guarantee and market customers have demonstrated to

have great confidence in Clouds made in Germany, especially because of their quality

and the compliance of data security policies. With our open Cloud solution, Zimory

negates vendor lock-in and addresses issues around data portability, privacy and security

in order to deliver substantial benefits to its global constituents.



CONCLUSION

After analyzing causes for the slow take-off of the Cloud Computing market, it is possible

to make the following conclusions:

It is necessary to define and standardize clear pricing policies. This will provide

more reliability and credibility to the market, augmenting customer confidence

in Cloud Services.

SLAs need to be clearly defined, including all possible service scenarios,

prior to Cloud adoption.

Avoiding market “Cloud washing” will clarify general aspects of the

Cloud Computing market.

A neutral market place is required in order to maintain provider diversity and

avoid market monopoly and consequently vendor lock-in for customers.

Technical standardization is a must, especially with regards to data portability,

adaptability, scalability and interoperability.

The eostablishment of technical and general standards is crucial for increasing

speed of Cloud adoption.

Data protection and security policies: Customers and providers must be aware of

applicable regulations and legal frameworks for their businesses. Security

continues to be an important concern for customers considering Cloud adoption.

Providers need to focus their efforts on ensuring that Cloud Services are security

tested in the short-term, in order to solve concerns regarding data protection.

Zimory offers concrete IaaS solutions supporting standards for interoperability,

scalability, adaptability, openness and flexibility to the Cloud Computing market.

Zimory's successful deployments constitute a positive precedent for IaaS

deployments in the Cloud Computing market.

Customers must demand clear and documented description of the Cloud

Service(s) when considering Cloud adoption.

Customers must make an informed and objective comparison of provider offers in

order to find the right solution, which can be best adapted to their

business needs.

Providers need to document their offers in a clearly and make them

available for customers.



CONTACT INFORMATION

Zimory GmbH

Revaler Strasse 100,

10245 Berlin

Germany

Email: [email protected]

Tel: +49 (0)30 609 85 07-0

For the latest information, please visit www.zimory.com

The information contained in this document represents the current view of Zimory GmbH

on the issues discussed as of the date of publication. Because Zimory must respond to

changing market conditions, this document should not be interpreted to be a commitment

on the part of Zimory, and Zimory cannot guarantee the accuracy of any information

presented after the date of publication. The information represents the product at the time

this document was published and should be used for planning purposes only. Information

is subject to change at any time without prior notice.

This document is for informational purposes only.

ZIMORY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

© 2012 Zimory GmbH. All rights reserved. Zimory is a registered trademark of Zimory

GmbH in Germany. All other trademarks are the property of their respective owners.

mailto:[email protected]

http://www.zimory.com/

Zimory White Paper: The Cloud's Slow European Take-off

Technology

united states

cloud computing

cloud exchange

adopting cloud

cloud exchange

cloud computing

cloud computing

neutral market