CIOs debate cloud, open source transformation

Cloud computing is no longer an issue of “if” for enterprises anymore, clearly all businesses will adopt or are adopting cloud in some shape or form as the basis for transforming their IT infrastructures into more agile and flexible organizations.

Whether from government, telecoms, retail or even the highly regulated financial sectors, companies across the board are jumping on the cloud bandwagon in efforts to create a new model for IT.

According to an IDC survey conducted at the end of 2013, approximately half of the survey respondents indicated that they are planning on a private cloud strategy while the other half plan on rolling out a hybrid public and public cloud approach.

“It’s going to be a very diverse and complex environment out there for a number of years,” IDC Research VP Mary Johnston Turner. She added that diversity includes the use of different virtualization tools as well as underlying operating systems.

For CIOs that gathered in Singapore in late September at a roundtable hosted by Red Hat, the challenges they faced in adopting cloud computing revolved mainly around the need to modernize IT but at manageable cost and risk levels.

The discussion took place under “Chatham House rule” so speakers have not been identified by name. 

Big change

One head of IT at an insurance company noted that cloud was being explored to improve client-facing applications, back-up operations as well as the possibility of leveraging cloud for new applications such as big data.

“The challenge we face in many cases today is scalability and open source options are something we want to look into but there are many factors and risks to be considered,” he added.

The host executive from Red Hat observed that much of the drive to transform IT today is being driven by things like big data and mobile but the complexity of many existing infrastructures creates serious issues around how companies can migrate, scale and secure the new environment.

One CIO noted that his organization was spending a lot of resource on internal transformation and considering different cloud models to solve various business requirements but predicted the transition would be slow as legacy applications and systems provided migration challenges.

Regulator headaches

Another challenge particularly for the finance industry is regulation.

Both the insurance and banking executives pointed to the demands from the Technology Risk Management (TRM) guidelines stipulated by the Monetary Authority of Singapore (MAS) as creating additional headaches around new technology adoption.

“Cloud is tremendously challenging and complicated in light of TRM and so all new technology adoption must be very consultative with the vendor especially if we are talking innovation,” said one insurance executive.

Just to meet the TRM guidelines alone with existing systems is proving demanding as millions of dollars are being spent just to reach compliance on TRM. “The big challenge with TRM is there’s no immediate business value in getting compliance yet it requires large investment,” said the executive. “There’s a real opportunity for Red Hat and any other vendors to find a solution to make this management challenge easier and help us comply.”

Open source to the rescue?

Another CIO echoed the current management issues and migration challenges to the cloud as he predicted that most organizations will adopt a hybrid approach.  Both private and public cloud solutions will be utilized to meet compliance needs and this need to manage different cloud platforms will create demand for new management tools and techniques.

“We are looking for a service that can manage all the different clouds and a vendor who can support it all,” he said. This is where many industry observers have noted that open source technologies have a growing role to play given the need to move to an open flexible management environment.

IDC research also indicates that 75% of enterprise IT buyers currently believe that the cloud will require them to buy new management software beyond what they already have in place. IDC’s Turner added that 47% of enterprise cloud customers have also told IDC that they expect to increase their open source and Linux spend over the next 12 months. Additionally, IDC research found that 72% of enterprises identified open source and open standards as being a key factor when it comes to evaluating cloud software options.

Another head of IT from a bank noted the growing use of open source in today’s data centers and noted that approximate 50-50 split of infrastructures currently running Linux versus Windows as their main platform.

“So there is still a question mark at the operating system layer on which is the better platform to adopt as we move into cloud infrastructure,” he said.

Most of the discussion participants acknowledged that open source clearly offered some advantages in being more open and potentially more innovative given the broad developer base but overriding that was the ongoing questions around support.

Support and security

“For me I just look for support, otherwise I have to have my own team to fix any major issues. Support is what I look for and how long has this product has been on the market,” he noted.

Others were in agreement that open source would be very viable right now, as long as there is support, stability and security going forward.

“To sum it up, performance, security, maintainability, scalability, stability and predictability with a flavour of innovation. With open source you can have many people working on it and if somebody credible can support this then I would say that open source should be a good win for everybody,” said one banking CIO.

The issue of security also emerged during the discussion. Security is often an area of contentious debate between the proprietary and open source camps, with neither side ever really having the clear edge or right answer.

There are arguments that with more openness, transparency and the wider developer base, that open source platforms can patch and secure systems much quicker than proprietary platforms. Countering that is the proprietary camp’s argument that more controlled systems mean security can be better enforced and security issues are less frequent.

Trust and accountability

One speaker noted that in the open source world, when there is a security issue then the whole world knows about it and security response teams are patching these issues immediately. “With openness and transparency you have to quickly address an issue like that, while in a proprietary world this response may also happen but in some cases we may not know about it,” he noted.

In some cases the question came down to commitment around resources and showing that measures are in place to address security risks. Some participants pointed to IBM’s vast security resources and Microsoft’s commitment with its one chief security officer and having the right models in place to deal with security.

According the Red Hat executive, at the end of the day there will be vulnerabilities on both sides and the decision on which platforms comes down to a preference of philosophy. “People will always find ways to exploit systems, but if we maintain openness then there are more eyes to look at same security issues and address it,” he said. “It’s not fool-proof but if it is a closed environment even if there are vulnerabilities it is down to that person who owns that code to declare and address them – I prefer to have more eyes and ears on this.”

The key thing is to look at this objectively as an evaluation of technologies, noted the Red Hat executive. “Open source is a way of building software so let’s not treat it as something that is markedly different from other systems, some systems may not be around in a couple of years’ time and no system is 100% secure,” he said. “So the key things to look for today are how widely is the technology adopted, the track record, the risks and the overall accountability of the provider – just as you do with any technology.”