Public and Private Clouds for the Enterprise

Telecommunication service providers will likely consume their own cloud services. After all, every organization can gain something from the proven benefits of infrastructure and application out-tasking. However, their primary role will be to implement and deliver the services that their end-customers will seek from public, virtual private, and hybrid clouds.

Service providers have the opportunity to extend their current offerings, which may already include hosting, communications, media, and software application services. Moreover, cloud offerings enable service providers to extend their reach beyond their traditional areas of operation.

That said, service providers must be prepared to address customer concerns ranging from policy compliance, to end-to-end security, to quality of service management, and to technical customization. They must be able to deliver a flexible range of functionality, service levels, and payment models.

Enterprise Cloud Use-Case Scenario

• Many enterprise-focused service providers (SPs) have an opportunity to create higher-value, differentiated service offerings. They have unique capabilities they can leverage, including customer relationships, physical assets, and extensive operations experience.
• At the same time, over-the-top services (such as Skype VoIP) threaten traditional SP revenue streams (e.g., wireline and mobile voice services). So, SPs have an incentive to evolve their value-add capabilities.

Role for Cloud Technologies

• Cloud is unlocking huge growth potential through new service offerings (e.g., infrastructure as a service, collaboration as a service).
• SPs offering cloud services have several avenues of differentiation in terms of deployment models (e.g., public cloud, virtual private cloud, hybrid cloud) and service types (e.g., infrastructure, collaboration).
• A cloud-ready architecture can also reduce an SP’s overall cost of delivery through more efficient and sustainable infrastructure platforms.

Application Considerations

• As table-stakes, SPs offering cloud services must ensure security and isolation of customer data in a multi-tenant environment. They must also offer a comprehensive suite of basic services (e.g., voice, collaboration).
• Initial customer acquisition will be driven by distinctive solutions with differentiated services and end-to-end service level agreements (SLAs).
• Over the long term, SPs must be able to deliver cost-effective services with viable margins.

While large enterprises also see tangible benefits in using public clouds, we expect private and hybrid cloud models to be very common. Large enterprises may use public clouds for burst or peak capacity and for select services that are difficult to scale themselves.

However, these organizations often require a higher degree of control over their data, applications, and systems than current public clouds allow. At scale, a private cloud offers the efficiency and agility of a public cloud -- without the loss of control.

Still, the IT services that a pure private cloud can offer are often limited to what internal IT can develop or deploy. This is where managed cloud service providers can add value.

Managed Security Services Gaining Adoption

Enterprise leaders say that it's becoming difficult to find the highly qualified IT and network security talent they need that's affordable, and so they look to service providers for a solution. According to the latest market study by Forrester Research, demand has been growing.

That said, Forrester believes that using a managed security services provider (MSSP) is more than just a lower-cost alternative to doing the same work in-house. MSSPs are not just managing devices, they also provide insightful analysis that can help with business decisions.

CIOs and other business technology leaders used to resist out-tasking their IT and network security requirements. The talent scarcity issue has helped to change that mindset.

Now, one in four out-task their email filtering, and another 12 percent are very interested in doing so in the next 12 months. Another 13 percent already out-task their vulnerability management and an additional 19 percent say they are very interested in doing so within the next 12 months.

CIOs Budgeting for Managed Security
Although security-related spending didn't grow during most of 2009, Forrester estimates that the managed services market actually grew by approximately 8 percent.

Managed security services (MSS) has evolved considerably. Service offerings exist in various forms -- from pure system management to more sophisticated log analysis using a number of delivery mechanisms, from software-as-a-service (SaaS) and cloud services to on-premises device monitoring and management.

According to Forrester's assessment, while many MSSPs have started to respond to the human resource challenge by offering consulting services, not all providers are equally capable. However, CIOs should expect more MSSPs to further invest in qualified professional services capabilities to provide appropriate integration and consulting guidance.

Managing Security within the Cloud
Forrester said they've received inquiries about providers offering cloud services -- such as distributed denial of service (DDoS) protection and clean-pipe services. Broadband network service providers that own the access circuit have an inherent advantage, because they typically detect and prevent potential attacks sooner than others.

Again, lower cost was the primary driver for moving to a managed services provider, but now cost only ranks fourth in decision criteria. Today there are a number of other incentives to use MSSP services. They include improving the quality of protection; gaining 24x7 support; getting better skill sets and competencies; a reduction is the cost of protection; and decreasing complexity.

Internal security managers are now expected to provide value-added services in support of business objectives -- such as enhancing privacy, achieving compliance, and protecting intellectual property. Therefore, they are demanding additional services from MSSPs, which in return are responding by broadening their traditional service portfolio.

In summary, Forrester offers a key procurement recommendation. They suggest selecting a provider that excels in the specific area you're looking to out-task. They believe that it's extremely important to assess organization culture. It's considered the most important factor that determines whether a relationship is going to succeed. So, start the process by talking to some of the provider's customer references.