A Long Term Forecast

Definitions first: What exactly is cloud computing? It goes by many aliases—utility computing, on-demand computing, grid computing—and encompasses at least four different business models. At its simplest, "the cloud" refers to data storage and number-crunching hosted by the likes of Amazon Web Services. Then there is the much ballyhooed software-as-a-service cloud—think Salesforce.com's customer relationship management products. Less well known is the platform-as-a-service cloud for remote software development, such as Google's App engine, and the business-process-as-a-service cloud for payroll, expense management, and the like.

These four dimensions of the cloud, while different in approach and implementation, are united by a common idea. The user rents computational time—or "pays by the drink" in I.T.-speak—and taps into it via the internet. The user's data and apps are "in the cloud," which is really just an effusive way of describing huge distributed data centers operated by companies like Amazon, Google, Microsoft, and IBM. Anything that goes on inside a desktop computer, or even a corporate data center, can, in theory, be ported to the cloud—saving huge amounts of money in the process. That's the hype.

Although small businesses have been quick to adapt, larger corporate customers have voiced plenty of concerns about handing over their operations to another company. They're worried about lost or stolen data. In this economy, they're also concerned about cloud providers going belly up. Indeed, hard-liners see the very concept of the cloud as a deeply unreliable security nightmare. In an ongoing survey conducted by the research firm IDC, almost 75 percent of I.T. executives and CIOs report that security is their primary concern, followed by performance and reliability.  

Similarly, the cloud has been described as everything from "a trap" by GNU creator and Free Software Foundation founder Richard Stallman—one where companies like Google will force customers into locked, proprietary systems that will gradually cost more and more over time—to "fashion-driven" and "complete gibberish" by Larry Ellison, founder of Oracle. That's the backlash.

So cloud computing is at an awkward stage. Conventional wisdom has it as both the next big thing, and a fundamentally flawed idea. Obviously, it can't be both.

"It's definitely a new paradigm," sighs Rajen Sheth, senior product manager for Google Apps, but, he argues, reliability is a non-issue. In fact, "the cloud is less risky than on-premise systems," Sheth says.

The same goes for security. "Name one time when security was not an issue for businesses," scoffs Daryl Plummer, an I.T. analyst at Gartner, an I.T. research and advisory firm. "It's just one of those things people are always going to worry about—the perennial monster under the bed, ready to scare those who want to be scared."

"I think the real question is: More secure than what? More reliable than what?" adds Adam Selipsky, vice president of product management for Amazon Web Services. The cloud might not be perfect, he says, citing the company's Simple Storage Service's (S3) 99.9 percent network uptime, but it's very close. Compare that to the reliability of in-house systems.  

According to study of Fortune 1000 companies by Infonetics Research, a large corporate network is typically hit with 1.76 outages per month, with the majority lasting more than 90 minutes. That same survey found an average of over 500 hours of network downtime per year, which works out to only a 94 percent network uptime rate.

Security is a harder metric to quantify, so to allay the fears of potential customers, cloud companies are putting their servers into fortified bunkers that easily outdo anything ever seen on Mission: Impossible. Salesforce.com's Fort Knox boasts round-the-clock security patrols, five levels of biometric hand geometry scanners, and even "man trap" cages designed to spring on those without the proper clearances.

Consider, too, the 69 computers that have gone missing from the Los Alamos nuclear weapons laboratory in New Mexico over the past two years. As Salesforce.com VP John Taschek notes, "when a user of a cloud-based service logs out of his or her computer, there's nothing left on the laptop to be lost or stolen."

Yet despite all the efforts Google, Amazon, Microsoft, and others put into making the cloud feel safe and fluffy enough for big corporate I.T. managers, there's a good chance they will never be convinced. For many, there's simply a philosophical commitment to keeping physical control of data. If so, then the cloud will only come of age after the current generation of corporate decision-makers is ousted.   

According to Gartner, that will be in about 10 years, when somewhere between 40 and 60 percent of the U.S.'s current I.T. workforce is expected to retire. Those I.T. workers will take with them implied assumptions about how businesses should work, and will be replaced by a new breed of tech guy who has grown up in the Web 2.0 era. He uses Gmail, Facebook, Twitter—indeed,  he's been weened in the cloud—and looks on their elders' deep concerns about those systems' "reliability and safety" as exaggerated and quaint.  

"Basically, we heard these same arguments used against the internet," says Plummer, confident that eventually all corporate computing will be outsourced to the cloud. "Look what happened there. At some point, people just adapt or get left behind."