Issue 1

1 CAUTIOUS ITERATION – The technique to expose the hype and CAUTIOUS ITERATION – The experience the reality of Abstract: technique to expose the hype and Introduction experience the reality of Cloud Relative maturity of enterprise’s cloud journey Cautious iteration The domains of caution Four steps to iterate Abstract: cautiously Cloud is all-pervasive and is transforming the Conclusion way business is conducted. Processes, systems, 7 Research from Gartner: applications and data are now all cloud enabled Hype Cycle for Cloud and available on-demand. A majority of the Computing, 2018 workload across enterprises is adapted to move to the cloud. Industries worldwide are adopting 56 About Wipro best practices to embrace and reap the benefits of .

Many a new-gen businesses have seen their inception in cloud technology and are enjoying the advantage of agility and speed that come with it. Traditional enterprise customers are wanting to make the transformation to mimic the early success experienced by newer Introduction companies. However, delivering business In their 2018 Hype Cycle for Cloud Computing, success on cloud requires careful planning and Gartner states that, “…’cloud first’ is becoming proceeding with caution in iterative mode. a common description of enterprises’ strategies, as cloud adoption becomes mainstream At Wipro, we enable end-to-end cloud lifecycle (approaching “new normal” status), including solutions for customers by automating processes support for production applications and mission- across the discovery, assessment, plan, design, critical operations.”1 Any technology reaches build, migrate, manage and optimize phases. mainstream when about 20-30% of the market These phases deliver success on cloud using has taken serious steps to adopt the technology. Wipro’s automated processes and industrialized Cloud is a mix of hype and reality. The extent solutions like Wipro Cloud Studio, Enterprise of hype vs. reality is enterprise specific. For Digital Operations Center and HOLMES. Wipro enterprises who are nimble, operating in a is able to leverage these services and offerings highly competitive market, adopting a “fail- in a plug-and-play model to protect customer fast-recover-fast” approach to most of their investments and ensure uninterrupted business applications; cloud is the default denomination. continuity while delivering much needed change However, enterprises with complex infrastructure with a roadmap for future scalability. and operations and technical debt, operating 2

either in legacy mode or bimodal, are still technology on business success depends on a weighing the net benefit of cloud for each of their variety of factors such as industry vertical and application services. Cloud provides multiple geo-political environment. Hence, we always options that multi-speed IT is now bridging the refer to the phrase “relative maturity” as against going beyond the stricter two mode norms. absolute maturity.

Cloud technology offers a great platform for Hype Victims: They are bold and willing to experimentation of new services and business take risks. Going by the risk-reward equation, models and enables organizations to be more they can potentially be disrupters. They don’t agile and nimble. However, it is important to pull back or withdraw after laying out their remember that cloud is more of an enabler for strategy. While they occasionally disrupt the business than a time-bound necessity. Press- whole industry, in most cases, they fall victim friendly terms like “all in cloud”, “cloud-first”, to the hype. Customers who announced an “All “exit datacenters” etc., are noteworthy but should in cloud by 2020” as early as 2016 are half way be applied in context. It is important to make through their journey. However, they are realizing a calculated and informed decision on cloud an unforeseen spend variance and panic due to adoption and there is absolutely no rush! organization wide shake-ups that accompany the transformation. Relative maturity of enterprise’s cloud journey Cautious Adopters: They actively observe The maturity of an enterprise’s cloud journey technology changes and trends and conduct due need not always reflect on business success. diligence on the applicability of each technology The speed and agility of a plane is immaterial to in their own business environment. They have a someone who rarely crosses his town’s borders, balanced view on emerging technology. A large and an “all commute by plane” strategy will media distribution company could have started not work for him. The quantum of impact of any off in the cloud when they began their business.

FIGURE 1 Hype Cycle for Cloud Computing, 2018

Source: Wipro

1 Gartner Inc., Hype Cycle for Cloud Computing, 2018, 31 July 2018, G00340420 3

But they started with their own datacenter, to manage change can be challenging as well. closely watched cloud technology mature and During Execution, organizational inertia often adopted it slowly in the best possible way. tends to veer processes away from the norm while addressing inefficiencies, circumventing Followers: Followers watch their industry traditional approach with a new model including segment’s adoption of cloud technology. They addressing pushbacks, application myopia, and adopt changes yielding to market forces and tools selection. dynamics. They seek to understand “who has done it before and how”, before even looking Invisible dependencies into the applicability of a technology to their The enterprise IT landscape is a mesh of business. dependencies and a mass of information. It is impractical to have a 100% accurate CMDB Laggards: This segment is change-averse. They with all the dependencies captured. What often are characterized by huge complexity, disparate works is a two-stage discovery process. An toolsets, federated and autonomous processes. initial enterprise-wide discovery which maps Fear of change is higher and, in some cases, application services with nodes and the inter- change could be detrimental to the current mode app dependencies, and a subsequent discovery of operations. specific to the application during the actual migration process. Cautious iteration Cautious iteration is a methodology adopted Hidden costs of change to implement a change engine that enables least-disruptive, ongoing, incremental changes Most TCO calculators for cloud take into within the enterprise. The characteristics of this account an apple-to-apple comparison of the IT methodology are: components running an application service. They do not take into account the following costs of 1. Greater focus on execution as against strategy change:

2. Atomize “change packets” with a. Business assessment and planning costs implementation time less than a quarter – This includes tools and services costs for discovery, analysis, readiness assessment and 3. Cost-benefit analysis for every change packet planning a cloud migration.

4. Fail-fast-recover-fast model and iterative b. Control platform design and build costs – It is processes essential to integrate the operational control layer with the different cloud provider targets 5. Holistic change management across people, even before production applications are process, technology and data moved to cloud. Additional tools and services may be required to establish the integration. 6. Success measurement and course-correction every quarter c. Migration costs – This includes tools and services cost for migration efforts. The Program management and governance for migration costs vary based on the disposition technology programs in the past have always decision for each application. revolved around waterfall methodologies for planning and execution. Cloud transformation i. Rehost – Lift and shift migration tool and programs provide the flexibility to adopt an services cost iterative agile methodology. Iterating with smaller chunks is better than taking a big-bang approach. ii. Revise/Re-platform – Upgrade or re- platforming costs The domains of caution Any major cloud journey involves changes to iii. Refactor – Code refactoring costs based on technologies, processes, people and the data complexity ecosystem. There are multiple areas that we need iv. Rebuild – Code rebuild costs based on to be cautious about, at different stages of the complexity program. During Planning, there are invisible dependencies and hidden costs of change v. Replace – Evaluation, licensing and data including bandwidth and mindshare of leadership migration costs to adopt and drive change. New skills necessary 4

d. Training and enablement costs – People Four steps to iterate cautiously have to be trained and enabled to adapt and These are four useful steps to adopt while support a hybrid environment. executing cloud transformation projects. Execution of the steps necessitates careful e. Execution lags and course correction costs planning, leading change with a successful – In many cases, the difference between example, expanding on the success and carefully planned execution time versus the actual measuring success metrics against targets. execution time introduces new dependencies in the environment, and the business case Form the tiger team planned earlier may be obsolete by the time The tiger team consists of the champions of the actual execution happens. Any such lags change. The most common mistake in enterprises add up costs and additional costs would is that the tiger team or the cloud COE team is be around course correcting the remaining limited to the organization which initiates the dependent changes. cloud program with little or no support from other functions. This team should have active f. Business acceptance costs - Plan for resources representation and participation from IT, Finance, and time required to validate business HR and procurement functions. It should include processes and application related services individuals who are evangelists by nature, driven cutover to production and post cutover by purpose, and with enthusiasm to bring about production support activities. change. This team would help lay the ground rules and carry an un-yielding resolve to address Organizational inertia concerns, take informed decisions and keep the This is the biggest word of caution in any teams motivated. technology change program. Most of the timing decisions in any migration plan are based on an The tiger team should primarily set goals for assumption that all stakeholders in the enterprise the cloud initiative that is time bound, estimate are aligned to the corporate plan. While most the cost and efforts involved while accurately stakeholders yield to the initial excitement and projecting the benefits that should define the create a positive environment for change, with success of the initiative. time, attitude becomes subject to change based on various fears, uncertainties and doubts. Though championing the change is technology led, other parameters of process change, steps Application myopia involved, and financial considerations should be Most cloud programs are planned application- governed carefully to determine measurement down. But the execution is not necessarily of success criteria. Loosely defined metrics are application down, but rather, infrastructure- likely to lead to inaccurate positive notions that up. An application-down approach may cause need to be avoided. myopic viewpoints about migration and most Finally, the tiger team should ensure cohesive of the infrastructure operational elements such functioning across different layers of technology as monitoring, security, DR/BCP etc., might be involved to define and execute a complete use lost in transit. Advance planning of application case on cloud adoption. A direct executive line dependencies and cutover support required from of sight will often determine tight governance on various stakeholders is crucial for a successful the metrics of success. cloud journey. Hypothesize the change and execute Tools selection iteratively One tool doesn’t fit all. There are plenty of A change packet is defined with measurable discovery, planning and migration tools in the outcomes across different dimensions such as market, but each of them has specific objectives cost, agility, customer experience etc. These and goals. Some are aligned to specific definitions are hypothetical and approved based cloud providers; some are aligned to specific on reasoning or gut instincts. The change packet technologies such as storage or networking. definitions therefore need to be validated at the Yet others are aligned to cost and financial end of every change packet execution. governance. Cloud programs should take into consideration the possibility of introducing the right tools reference architecture and maintain capabilities as required. 5

FIGURE 1 Hype Cycle for Cloud Computing, 2018

Source: Wipro

Change packets can disrupt multiple services Agile stories and sprints with timelines should or functions that should be considered while be defined in line with stated objectives. Scaling iterating. These include organizational processes, these in an agile manner does ensure stronger accelerating the technology adoption curve and cloud native adoption and hence careful planning also incorporating newer innovations. is necessary to ensure a cloud-agnostic approach to the same. Each iteration follows incremental value to be added to the stream with major updates and Agile methods require continuous integration releases focusing on leap frogging into next wave and deployment for build and release. This at the opportune moment. Cloud, though easy DevOps methodology is necessary to successfully to consume, can perplex users with its hidden implement agile stories for cloud adoption complexities. Delivering the change iteratively acceleration. is made possible by aligning effectively to the capabilities introduced across layers of cloud Measure and refine services. In most programs, we see that measurement functions are not implemented post change. Implement agile There has to be continuous measurement and Agile methodology was not very common in refinement engine which feeds back into the technology migration projects in the past. same change packet or into other change In cloud, it should always be an agile-first packets. methodology unless it is an absolute necessity to adopt the waterfall methodology. The agile team Automated dash-boarding and correlation of should consist of not more than 12 people with success metrics is strongly recommended. While skillsets including SREs, networking, storage, TCO this addresses the tangible success metrics for modeling, QA, application development/testing. measurement and reporting, there is typically huge intangible success that needs to be evaluated in the larger context. 6

Refinement of obvious metrics with the explicit Conclusion metrics on an ongoing basis either simplifies or Cautious iteration is a methodology that helps complicates the measurement process. However, enterprises address and reduce resistance to this is necessary to ensure we don’t lose the change. Be informed of emerging technologies forest for few trees. and beware of being disrupted, but adopt cautiously!

Govindaraj Rangan

Practice Director and Head of Cloud Transformation Services, Wipro

Govind has 22 years of industry experience across the breadth of the technology spectrum – Application development to IT operations, UX design to IT security controls, presales to implementation, converged systems to of Things, and IT strategy to hands-on. He has an MBA from ICFAI University specializing in Finance, MS in Systems from BITS Pilani, and BE (EEE) from Madras University.

Girish Jagajampi – Practice Head – Cloud Services, Wipro

Girish has 19 years of experience in technology defining streams of infrastructure virtualization, cloud, optimization, processors and platforms scalability etc. He has a Bachelor’s of Engineering from university. He is currently driving the new solutions and offerings aligned to the current cloud technology trends being accelerated by the cloud service provider’s innovations. 7

Research from Gartner Hype Cycle for Cloud Computing, 2018

Cloud computing has reached the Slope of For more information about how peer I&O Enlightenment. The next waves of technologies leaders view the technologies aligned with this building on cloud are emerging and climbing to Hype Cycle, please see “Emerging Technology the Peak of Inflated Expectations. This document Roadmap 2017-2018 (Large Enterprise).” outlines the cloud-related technologies in use and those that will become the foundation for the The Hype Cycle future of computing. Cloud has moved beyond just disrupting IT to providing the underlying basis for most future Analysis digital disruptions and future innovations. What You Need to Know Cloud exists on a spectrum and enables the Cloud computing hype continues to be high next-generation platforms upon which new IT relative to other technologies, even though it capabilities are being built. Cloud vendors and is quite far along in the Hype Cycle. Much of users alike continue to stake a claim in cloud- the cloud discussion has shifted from hype to generated growth opportunities. They sometimes inevitable mainstream acceptance. The focus has exaggerate the capabilities of cloud services and shifted from the unrealistic promises that cloud their contributions to the cloud value proposition will transform everything and the pessimistic (cloudwashing), as well as misrepresent view that it didn’t deliver, to a pragmatic terminologies, such as “hybrid cloud,” under approach that views cloud as inevitable. The the guise of pushing traditional on-premises focus is now on how to do it well versus on infrastructure and hardware. whether to do it at all. Most organizations are becoming increasingly grounded in the As cloud computing becomes mainstream, practical benefits and risks of cloud computing. many organizations find their IT environments “Cloud first” is becoming a common description include public and some private cloud alongside of enterprises’ strategies, as cloud adoption traditional IT systems. Most organizations becomes mainstream (approaching “new believe hybrid scenarios will help address the normal” status), including support for production challenges of these disparate environments. applications and mission-critical operations. However, disillusionment is increasing for Cloud services are heavily favored for new technologies associated with building out private application development, particularly when clouds (cloud management platforms, private organizations pursue digital business outcomes. infrastructure [IaaS] and private Most vendor innovations are in the cloud or at cloud itself), further driving workloads to public least cloud-inspired. clouds as organizations seek the full benefits of cloud computing. We also see a few clusters of There are ever-increasing examples of technologies appear on this Hype Cycle: organizations achieving cloud computing benefits across different industries (including • The next wave of cloud disruption (cloud- initially reluctant ones, such as finance and enabled platform services) delivering healthcare), organization sizes and geographic advanced capability around artificial regions. Understanding the landscape of cloud intelligence (AI), , Internet of service offerings, technologies and terminology Things (IoT) and so forth is critical for organizations to establish viable • The peak (serverless, multicloud and cloud strategies and find success in their use of containers), where much of the excitement is cloud service offerings. This research profiles key around specific approaches that are driving cloud computing technologies and concepts, innovation and it provides guidance to IT leaders on how to leverage the growing capabilities of cloud • The trough (private cloud, cloudbursting computing. and brokerage), where concepts that have generated significant excitement in past years are struggling with implementation challenges 8

FIGURE 1 Hype Cycle for Cloud Computing, 2018

Source: Gartner (July 2018)

This Hype Cycle (see Figure 1) includes Organizations that are finding success in their innovation profiles describing different cloud use of cloud computing not only challenge models and deployment types, as well as the cloud-related hype, but also apply practical tools and services used to test, migrate, manage assessments of cloud capabilities to recognize and secure cloud environments. We outline the organizations’ desired outcomes. Pragmatism key technology and market areas to watch is critical when evaluating cloud services. When for future opportunities, particularly in cloud- applied to the right scenarios, with the right based applications. Technologies to watch management and governance, organizations include container management, serverless PaaS, can find success in realizing practical benefits, cloud networking and cloud-native application including increased agility, elasticity, scalability, architecture. Note that many of the innovation innovation and, in some cases, cost savings. profiles in this Hype Cycle are beyond the Peak of Inflated Expectations. The Priority Matrix Cloud computing is a set of dynamic, high- The Hype Cycle includes many new (and growth markets, which causes some cloud relatively new) innovation profiles. These technologies and concepts to move through the include edge computing, multicloud, machine Hype Cycle at an accelerated rate (see Figure learning, API economy and IoT platform. 2). Transformational technologies and services, These are examples of cloud becoming critical such as application PaaS (aPaaS), hybrid cloud underpinnings of next-generation disruptions. computing and PaaS, are realizing increasing As cloud enters its second decade, it continues usage, which are accelerating their adoption. We to evolve with new types of services and are also seeing the rapid emerging industry of capabilities that make it the primary model for managed service providers offering professional a wider range of solutions. Cloud has become services and “cloud managed services.” the default style for just about everything in the future. If it is not cloud, it is legacy. 9

FIGURE 2 Priority Matrix for Cloud Computing, 2018

Source: Gartner (July 2018)

Many cloud computing technologies and important technology foundations for future concepts are two to five years away from cloud solutions over the next two to five years. mainstream adoption. IaaS has moved into mainstream adoption, followed closely by IaaS+ The relative impact of cloud and cloud-related and aPaaS. New technologies — including technologies is high and often transformational. serverless PaaSs and edge computing — are Organizations building on a cloud foundation will building in hype and will grow to become embrace transformational change more quickly and effectively than organizations bound to traditional IT environments. 10

Off the Hype Cycle individual organizations implement SRE in widely The market for cloud computing is dynamic, and varying ways. Most SRE implementations represent a changes occur rapidly. Cloud technologies and mature form of DevOps. offerings move steadily toward maturity with only a few becoming obsolete before reaching the SRE is intended to help manage the risks of Plateau of Productivity. We endeavor to represent rapid change, through the use of service-level a broad view of cloud-related technologies and objectives (SLOs), “error budgets,” monitoring concepts, which means the Hype Cycle goes (including the converging of monitoring and QA through a regular cycle of update, consolidation testing), and automated rollback of changes. and focus. SRE teams are often involved in code review, looking for problems that commonly lead to In this 2018 update, we made the following operational issues (for instance, an application notable changes: that does not do log cleanup and therefore may run out of storage), ensuring that the application • Removed: comes with appropriate monitoring and resilience mechanisms, and that the application meets • Database PaaS has matured beyond the scope DevSecOps standards. SRE teams may also be of the Hype Cycle. responsible for incident management, and nearly “Our original goal all such teams have a strong emphasis on problem when we embarked • BPaaS has been removed. management. A key SRE discipline involves root on this project was to cause analysis and prevention of future such independently price • Renamed: problems through automation and continuous 600,000 deals. feedback loops. SRE also emphasizes the virtue of We are now doing • Software-defined anything is replaced by simplicity, and the distinction between complexity more than two million software-defined infrastructure. that is essential to a system’s business function, deals in the same and accidental complexity that should be • Added: timeframe.” addressed with better engineering. Alberto Ricciotti • Cloud tethering Head of Group Pricing, Because SRE requires an organization that Capital Allocation Unit is highly skilled at automation (and usually UniCredit • Cloud networking DevOps), has adopted the principle of infrastructure as code (which usually requires On the Rise a cloud platform), has adopted resilient system Site Reliability Engineering (SRE) engineering principles, and has applications Analysis By: Lydia Leong; Christopher Little; with an agile life cycle that employs continuous George Spafford integration/continuous deployment (CI/CD), it is primarily something that is adopted by highly Definition: Site reliability engineering is a sophisticated digital organizations, or is an end- collection of systems and software engineering state aspiration of enterprises that are in the principles used to build and operate resilient midst of digital transformation. distributed systems at scale. An SRE team applies these principles — usually in combination with User Advice: Organizations can benefit from SRE DevOps and agile practices and tools — and principles even if they are not sufficiently mature, applies them to responsibilities such as risk agility-focused, or large enough to adopt SRE as management, release engineering, monitoring, a primary operations model. The SRE principles self-healing, incident management and problem for risk management, release engineering, management. An SRE team collaborates with handling service-level objectives, monitoring, developers to design, build, and continuously automation, and self-healing can be applied improve systems that meet service-level to a broader range of cloud-native and digital objectives. applications. SRE also represents a useful end state of evolution for DevOps-driven operational Position and Adoption Speed Justification: transformations. Finally, SRE can be a useful Site reliability engineering is a discipline originally approach to frame the continuous improvement created by , and was described in the 2016 of operations across the organization. book, “Site Reliability Engineering: How Google Runs Production Systems.” It is gradually being adopted An SRE initiative should have an executive more widely, both by digital-native organizations as sponsor. The pilot project should have the well as traditional enterprises. SRE emphasizes the following characteristics: engineering disciplines that lead to resilience, but 11

• The target application must change rapidly Maturity: Emerging yet maintain high availability in order to maximize business value. Stakeholders should Blockchain PaaS be politically friendly. Analysis By: Paul Vincent; Rajesh Kandaswamy; Yefim V. Natis • The pilot must demonstrate sufficient value to improve credibility and support, yet also Definition: Blockchain have an acceptable level of risk, allowing the (bPaaS) is a set of blockchain software platform stakeholders to learn. services offered in the cloud by a vendor, for subscribers. Services can include some or all • The initial SRE team must have a collaborative of the distributed ledger, node or consensus engineering mindset, strive to continuously mechanisms, and other ancillary services to learn and improve, and desire to automate manage a network of distributed ledgers on the tasks to reduce repetitious manual work, vendor’s cloud infrastructure. Another term for which is known as “toil.” It is often easiest these services is (BaaS). to move DevOps-skilled employees from different parts of the organization, due to the Position and Adoption Speed Justification: relative difficulty of hiring engineers with bPaaS is a recent cloud service offering from SRE experience. A site reliability engineer enterprise cloud vendors, such as IBM, is typically a software engineer with an (Azure) and Oracle, and small technology excellent understanding of operations, or, less startups — such as BlockApps, BlockCypher frequently, an infrastructure and operations and Wanxiang Blockchain Labs. Solutions in engineer with strong programming skills. the market today are in the early stages of development and adoption, and mostly used for • There must be clear SLOs that can be performing proofs of concept (POCs). Developers continuously monitored and reported against. seeking to implement blockchain-based applications require specific services that span • The application development team must compute, application, storage and network. The collaborate with the SRE team to meet SLOs. cloud vendors aim to combine these services to Developers are responsible for a resilient provide enterprises with a one-stop service shop architecture and reliable code. SREs should that brings the benefits of cloud elasticity and not spend more than 50% of their time on ad compute costs to blockchain. Each bPaaS vendor hoc operational activities. Any excess should attempts to add unique elements around security, go to the developers for support. interoperability, analytics and performance, in order to differentiate their offerings, in exchange The pilot should not be followed by a general “go for single-sourcing and centralization of public live”; instead, iteration should be used to evolve execution and ledger storage. the state of SRE practices. The teams involved should share experiences and lessons learned. These offerings are new and we expect the field of competitors to grow over time. In many cases, Business Impact: SRE is primarily useful to fast- the cloud vendor’s bPaaS supports one or a moving digital businesses, due to its emphasis few blockchain platforms. Support for different on the balance between the ability to change consensus mechanisms, tools, frameworks and rapidly, and systems stability. The SRE approach smart contract capabilities remains limited to DevOps is intended to produce systems that — and continues to evolve. Interoperability for despite frequent change, unpredictable customer distributed ledgers across competing platforms demand and global scale — are reliable, or clouds is nonexistent at this early stage of performant and secure. For such businesses, evolution. Yet, relying on one vendor for all SRE may be an essential discipline not just for nodes of the distributed ledger negates some of achieving business objectives and maintaining the advantages of a using a distributed ledger operational stability, but also for controlling costs in the first place. The core value of a distributed by avoiding unnecessary manual operations, and ledger, which has fueled the hype and interest freeing up skilled personnel to work on value- among many in the technology industry, is to added activities. enable decentralized/distributed open-source applications that avoid reliance on just one Benefit Rating: Moderate organization, server, or network. The initial versions of bPaaS trade this core value for Market Penetration: Less than 1% of target the convenience of vendor assistance, although audience this trade-off is expected to be addressed by interoperability and standardization in the future. 12

bPaaS encompasses platform services only. Over Benefit Rating: Moderate time, however, we expect other blockchain-based application and business services to become Market Penetration: Less than 1% of target available in the cloud as blockchain SaaS. audience

Currently, the primary value of bPaaS is to “jump- Maturity: Emerging start” the ability of enterprise developers to rapidly set up an initial test system or prototype Sample Vendors: Web Services; — as opposed to a truly decentralized production BlockCypher; Blockdaemon; IBM; Microsoft system. Because bPaaS is dependent on a (Azure); Oracle; Wanxiang Blockchain Labs restricted perspective of blockchain, and is also affected by blockchain’s immaturity, it remains Cloud to Edge Development Support “on the ramp” toward the Peak of Inflated Analysis By: Bob Gill Expectations. Definition: Cloud to edge development support User Advice: Current bPaaS offerings can help describes the extension of hyperscale cloud jump-start your POCs, smaller projects or your providers’ programming models, SDKs and in experiments with blockchain technologies, some cases, OS types for development and use as long as you are comfortable with limiting on edge devices, such as IoT “things” and single your experience to what bPaaS can provide. As board development platforms. blockchain technologies and bPaaS offerings evolve, we expect a wider range of options to Position and Adoption Speed Justification: be available — additional services and increased While hyperscale cloud providers have exposed interoperability. Be aware that cloud providers such capabilities for several years, the widespread support a limited set of platforms, yet the availability and rapid adoption of these services overall landscape of choices is large and rapidly on broadly supported devices such as Raspberry evolving. Enterprises that avail themselves of Pi, DragonBoard and others, along with a major PaaS services might consider the same vendor’s marketing and investment push, has brought bPaaS services. There are more than 100 these platforms to the forefront. Just as edge blockchain platform choices, but cloud vendors computing and IoT continue to advance on the currently support less than 10% of them. Hype Cycle, cloud-to-edge capabilities provide an additional boost with the technology investment Every blockchain platform will undergo major of the hyperscalers, adding momentum. changes during the next two to five years, rendering any choice effectively obsolete within User Advice: We recommend enterprises 24 months. Enterprises should therefore avoid evaluate the capabilities (and gaps) of the commitments to bPaaS for mission-critical leading hyperscale providers cloud-to-edge initiatives until greater maturity occurs and offerings, and factor in the likelihood of very platforms and services are interoperable across decentralized cloud solutions to augment the heterogeneous environments. Understand all current centralized model. While cloud as a style aspects of the blockchain technologies you will of computing has never mandated centralization, need, and ensure they can be supported on the the economies of hyperscale and the centralized bPaaS offering of interest. Be extra cautious in deployments of massive compute regions has your bPaaS decision when managing initiatives prepared for a “cloud as centralized” status quo. that involve multiple organizations. By extending their models to the absolute edge, the status quo may be overturned. Business Impact: bPaaS will be attractive for enterprises for initial limited-scale experiments Business Impact: By extending their platform and POCs. Among the various types of blockchain reach to the edge, hyperscale providers allow projects, internal ones will be more suitable for development and deployment of integrated such services compared with projects that span solutions across the gap between centralized multiple entities where all parties need to agree and distributed models. While such capabilities on a common bPaaS. bPaaS offerings will need to may be targeted toward integrators and service evolve for better interoperability. If they evolve providers, technically aggressive enterprises to support enterprise needs and full blockchain may experiment to gauge their capabilities to characteristics, they will be become an option extend the centralized cloud compute model. that enterprises should evaluate as they plan Such SDK and OS pairings provide one solution infrastructure for their blockchain projects. to the thorny development issues of providing security, orchestration and directory services for 13

potentially millions of endpoint devices. These part of the organization deals with the enabling offerings also provide the hyperscale cloud and only the subscribing part of the organization providers a mechanism for augmenting their gets the serverless experience. Public or private, to-date-centralized compute models, allowing serverless effect can only be delivered by a cloud for more real-time capabilities, including to service that conceals and manages underlying devices, people and things with intermittent server and container operations. communications links. Whether the average enterprise actively develops such applications As the full scope of serverless delivery of itself is not as important; the demonstration of PaaS capabilities rolls out, the definition will extended cloud capabilities and availability of likely be refined — relaxed in some aspects useful products will drive both cloud and edge and possibly further constrained in others. For services further into broad use. example, future serverless PaaS will support optional preprovisioning and autoscaling, Benefit Rating: High offering lower costs to the applications with steady and predictable demand for resources Market Penetration: 1% to 5% of target (Azure Functions support it already); support for audience stateful operation will likely also be adopted (the serverless dbPaaS, like Amazon DynamoDB, of Maturity: Emerging course, are stateful already). Future serverless PaaS will likely also support multidimensional Sample Vendors: AWS; Google; Microsoft SLAs related to performance and throughput, auto-adjusting of memory and CPU, AI-driven Serverless PaaS runtimes and execution. The current market Analysis By: Yefim V. Natis; Anne Thomas dynamic already reflects these trends. Adoption of fPaaS is rapidly increasing new business Definition: A PaaS offering delivered with applications, in new vendor renditions of fPaaS serverless characteristics is serverless PaaS. (including most recently Oracle, Pivotal and Serverless is a way of delivering an IT service Red Hat) and the emergence of several open- where the underlying resources are opaque, source serverless programming frameworks and require no preprovisioning, and are micropriced. platforms (including OpenFaaS, Fission, Kubeless Function PaaS (fPaaS) is the most notable and Apache OpenWhisk). example of a serverless PaaS that layers additional constraints (event-driven triggering The principles of serverless are also increasingly and limited execution time and memory), and not applied beyond just the fPaaS or public cloud a part of other serverless PaaS like databases, API — other cloud services from various providers managers or event brokers. are delivered serverless, including databases (Cosmos DB FaunaDB, Amazon DynamoDB), Position and Adoption Speed Justification: API managers (Amazon API Gateway and Azure Serverless delivery of IT services has gained API Management), message and event brokers broad notice after Amazon popularized its AWS (Google Cloud Pub/Sub, Azure Event Grid) and Lambda function platform as a service (fPaaS). other specialized xPaaS. fPaaS operational Although some associate the notion of serverless experience will become the foundation for exclusively with fPaaS, the significance of the more general serverless PaaS. As fPaaS serverless, as delivered by the leading vendors evolves beyond hype — through the inevitable (including Amazon, Google and Microsoft), disappointments and toward the Plateau of extends beyond functions. All PaaS capabilities Productivity — serverless PaaS will follow, can be delivered with serverless characteristics; building on the fPaaS lessons learned, but also of which some are already and most will in the creating its own hype and disappointments future. Serverless PaaS will augment, and in before maturity. The market interest in some cases replace, the traditional transparent “serverless” beyond just the fPaaS is bound to model of delivery, such as the model of continue to increase, as fPaaS matures and its (), AWS Elastic Beanstalk or benefits become increasingly attractive. IBM Cloud Liberty for Java. User Advice: Application leaders, CIOs, CTOs, IT Serverless PaaS can be achieved on-premises by leaders and planners should: the way of first establishing the true private cloud and then deploying one of the now-emerging • Use fPaaS offerings as representative open-source serverless frameworks, like Pivotal of serverless PaaS to build in-house Function Service. In that case — the provider understanding of the trade-offs of the new platform delivery model, but with clear 14

understanding that some of the constraints Cloud Tethering on design of functions (such as the event- Analysis By: Jay Heiser driven model or duration of execution) are not attributes of the general serverless model. Definition: Cloud tethering is an application fPaaS is a special purpose example, but not delivery model in which a device-based the definition of serverless. application is linked to the provider’s cloud service for licensing. The provider gains greater • When selecting platforms for cloud-native confidence that licensing rules are followed, initiatives, look for platform services that while customers benefit from access to new closely approximate or match the serverless features and updates enabled through the cloud. delivery model to achieve improved productivity, cost-efficiency and consistency Position and Adoption Speed Justification: of outcomes, but ensure that the cost The success of “thick” applications on implications and design constraints are not a smartphones and tablets has provided inspiration counter-indication. for software vendors to replace their traditional packaged desktop application approach of a • Avoid the serverless model if the project serialized licensing model with a one-time requires advanced and direct forms of control installation process. Arguably, the phenomenon is over application infrastructure operations, or relatively mature on Android and iOS devices, but where cost estimates are excessive. it is much less prevalent with PC applications. The advantages are compelling, though. Tethering • Make the cloud platform selections with desktop applications to the vendor’s cloud, which an effort to minimize vendor or service automatically updates the desktop software (as lock-in; increase investment in integration long as a credit card number is still on file), offers technology and practices — because ongoing the potential for a near-continuous deployment of innovations, including the increasing adoption updates and fixes, and it meets vendor business of serverless delivery model, will continue to goals for cash flow. compel you to consider alternative options in platforms and vendors. To make cloud tethering more appealing to consumers, and to create a dependency on Business Impact: Serverless PaaS represents continued use of the application, application the true cloud-style operations for cloud platform providers have explored a variety of cloud-based services. Adoption of a serverless PaaS delivery augmentations to the desktop “client,” including model will increase productivity and efficiency and collaboration, cloud processing of PaaS, and help to streamline development, and internet searching. As desktop computer scale operations and reduce infrastructure costs. usage continues to decline in favor of a mix of It will create a more consistent and manageable endpoints, including tablets, phones and web environment for cloud applications, but the browsers, cloud-tethered applications provide the improvements will require adjustments in the user with a single view of their application and its practices and strategies of planning, designing data, no matter what edge device they happen to and operating the PaaS-based solutions. The be using. adjustments, in turn, will render some current cloud applications new legacy and will require User Advice: For the most part, consumers will some new training and tooling. Ultimately, the have no ability to choose whether or not to use business experience of the “serverless IT” will a cloud-tethered application, and vendors that feature increased scalability, reduced costs and are still offering a traditional licensing model to faster times to market for IT-supported business enterprises are learning that they likely will not initiatives. need to do so in the long term. At this point, the ability to choose between the old and new model Benefit Rating: Moderate is rapidly declining. Procurement professionals will be increasingly challenged to negotiate Market Penetration: 5% to 20% of target with software vendors that would prefer a totally audience automated sales model. Maturity: Emerging Cloud tethering changes the licensing model, significantly reducing licensing violations. The Sample Vendors: ; relatively low cost of a single seat, and the use Google; IBM; Microsoft; Oracle; Pivotal; Red Hat of credit-card-enabled subscriptions, means that the emphasis of IT staff responsible for software 15

asset management is shifting from compliance Benefit Rating: High management, financial and even performance management. Market Penetration: 1% to 5% of target audience The value-add mechanisms and especially the multidevice convenience enabled by cloud- Maturity: Adolescent tethering are encouraging greater use and variety of SaaS, which over time increases the business Sample Vendors: Adobe; ; Concur demand for SaaS integration or customization. Technologies; ; LinkedIn; Microsoft The ability to support a variety of different thick and thin clients adds further complexity to the Immutable Infrastructure SaaS applications. Decisions to use a new SaaS Analysis By: Lydia Leong app, or to introduce a new use case, should evaluate the “agility risk” — the degree to which Definition: Immutable infrastructure is an some future form of enterprise value-add may be architectural pattern in which the system and undesirably difficult or impossible. application infrastructure, once instantiated, is never updated in-place. Instead, when changes The seamless mixing of end-user devices are required, the infrastructure is simply replaced. inherent in cloud-tethered offerings makes it Immutable infrastructure could encompass the extremely difficult to prevent proprietary or entire application stack, in-versioned templates regulated data from flowing from the enterprise provisioned using API-enabled infrastructure through personal devices out to unauthorized capabilities, which are most commonly available people, home PCs or unsanctioned cloud-based in cloud infrastructure as a service (IaaS) or collaboration. Organizations that are heavily platform as a service (PaaS). motivated to control sensitive data should consider the use of cloud access security broker Position and Adoption Speed Justification: (CASB) tools to track or block data flow. A small Immutable infrastructure is typically used by number of SaaS collaboration applications organizations that take a DevOps approach provide encryption mechanisms, including to managing cloud IaaS or PaaS; however, it information rights management, which can can be used in any environment that supports prevent access to data by unauthorized people. “infrastructure as code.” It represents a significant change in process for traditional In many cases, the vendor’s cloud is the primary infrastructure and operations (I&O) organizations. or exclusive storage location. Cloud tethering It may be instantiated using native cloud increases the urgency associated with SaaS capabilities, such as Amazon Web Services’ vendor risk management and cloud contingency CloudFormation or ’s Resource planning. The vendors are aware that not all Manager templates; cloud management of their customers are permanently tethered platforms (CMPs), such as RightScale; software to the internet, and have engineered some tools, such as HashiCorp’s Terraform; or the “statelessness” into their applications, but poor customer’s own automation scripts. performance and even complete failure can occur when endpoints do not have broadband access. Some or all of an application stack will be instantiated, often in the form of virtual machine Maintain a registry of SaaS in use to ensure (VM) images combined with continuous that the risks associated with the above configuration automation (CCA) tools — considerations are recognized, managed and, if such as Ansible, Chef or Puppet — that run necessary, eliminated. after the initial boot of the VM. However, in environments that use OS containers, containers Business Impact: Software tethering represents may be quickly replaced, whereas VMs remain yet another reduction in IT’s ability to control constant. Containers improve the practicality the use of digital assets. It is one of several of implementing immutable infrastructure and aspects of public cloud computing that is will drive greater adoption in cloud, as well as reducing the need to perform many of the noncloud, environments. routine tasks traditionally performed by the IT staff, while creating needs for new forms of User Advice: Immutable infrastructure is used to control and digital optimization. For the most ensure that system and application infrastructure part, the enhanced functionality enabled through is accurately deployed and remains in a known- an intimate relationship with the public cloud good-configuration state. It can simplify change will provide capabilities that the individual and management, support faster and safer upgrades, business department welcome. 16

reduce operational errors, improve security, and delivery environments. It is even more vital simplify troubleshooting. It can also enable rapid for continuous deployment environments. replication of environments for disaster recovery, Organizations with high-security or regulatory geographic redundancy or testing. compliance needs should also strongly consider adopting immutable infrastructure in order to The application stack for immutable infrastructure continuously maintain consistent, compliant is typically composed of layered components, configurations without traditional patch each of which should be independently versioned management. Broadly, most organizations with and replaceable. The base OS for the stack may environments that support “infrastructure as be updated using traditional patching tools, or code” may be able to benefit from immutable automatically or manually updated. Automation infrastructure. IT organizations that adopt is then used to bundle components into artifacts immutable infrastructure must adapt their suitable for atomic deployment — for example, application life cycle and operational processes a tool such as HashiCorp’s Packer may be used around this architectural pattern. The success to create VM images, or Docker may be used to of immutable infrastructure depends on having manage container images. However, immutable the operational discipline to ensure that the infrastructure typically consists of more than infrastructure is truly immutable and disposable. just compute infrastructure. Storage, network and other resources are also provisioned as part Benefit Rating: Moderate of the atomic deployment. The scripts, recipes, and other code used for this purpose should Market Penetration: 1% to 5% of target be treated similarly to the application source audience code itself; this requires appropriate software engineering discipline. Maturity: Adolescent

Some organizations that use immutable Sample Vendors: Amazon Web Services; Fugue; infrastructure will reprovision only when a HashiCorp; Microsoft; RightScale change is made, whereas others automatically refresh the infrastructure at frequent intervals At the Peak to eliminate configuration drift or the possibility Edge Computing of advanced persistent threats. Frequent refresh Analysis By: Bob Gill; Philip Dawson is only practical in environments with fast and reliable provisioning; thus, it benefits strongly Definition: Edge computing describes from containers. a topology where information processing is placed close to the The use of immutable infrastructure requires things or people that produce and/or consume strict operational discipline. IT administrators that information. Drawing from the concepts should eliminate the habit of making one- of mesh networking and distributed data off or ad hoc modifications in order to avoid centers, edge computing looks to keep traffic configuration drift. Updates must be made and processing local and off the center of the to the individual components, versioned in a network. The goals are to reduce latency, reduce source-code-control repository, then redeployed unnecessary traffic, and establish a hub for so that everything is entirely consistent. No interconnection between interested peers and software, including the OS, is ever patched “live.” for data thinning of complex media types or Organizations that use immutable infrastructure computational loads. may turn off all normal administrative access to instantiated compute resources — for example, Position and Adoption Speed Justification: not permitting Secure Shell (SSH) or Remote Most of the technology for creating the Desktop Protocol (RDP) access. IT leaders should physical infrastructure of edge data centers is set a hard date for when all new workloads readily available, but widespread application will use immutable infrastructure if technically of the topology and explicit application and feasible; deadlines can be effective motivators of networking architectures are not yet common behavior change. outside of vertical applications such as retail and manufacturing. As IoT demand and use cases Business Impact: DevOps-oriented proliferate, the acceptance of edge computing organizations that can instantiate infrastructure as the topological design pattern (namely via automation — typically, in cloud IaaS, PaaS the “where” a “thing” is placed in an overall or container services — should strongly consider architecture) has dramatically increased interest using immutable infrastructure for continuous in edge. Systems and networking management 17

platforms will need to be stretched to include Position and Adoption Speed Justification: edge locations and edge-function-specific Hyperscale computing is a radically technologies such as data thinning, video transformational architecture and IT management compression and analysis. style that demands new skills but can offer excellent economies of scale. A full hyperscale User Advice: We urge enterprises to begin application stack consists of components that considering edge design patterns in their must facilitate scaling on demand, as well as the medium- to longer-term infrastructure elimination of human labor for management, in architectures. Immediate actions might include favor of automation, including: simple trials using colocation and edge-specific networking capabilities or simply placing remote- • A massive data center designed to house location or branch office compute functions in scale-out hardware. a standardized enclosure (e.g., “data center in a box”). Some applications, such as client-facing • Hyperscale servers — traditionally, x86- web properties and branch office solutions, will based servers with minimalist designs and be simpler to integrate and deploy, while data no hardware redundancy, which are used to thinning and cloud interconnection will take deliver compute capacity along with software- more planning and experimentation to get right. defined storage and network capabilities. We are beginning to see viable offerings from These servers are often custom-engineered, the hyperscale cloud providers in extending their although vendors have begun to sell servers programming models and management systems based on standard designs such as the Open to edge-located devices, complementing their Compute Project or Project Scorpio (in Asia). mostly centralized computing model with a distributed analog. • Optionally, hypervisor-based virtualization (typically open-source-based, such as KVM Business Impact: Edge computing solves many or Xen), or “off-box” virtualization (typically pressing issues such as unacceptable latency and using a PCI Express card). bandwidth limitations given a massive increase in edge-located data. The edge computing • An infrastructure management plane that topology will enable the specifics of IoT, digital performs resource management. business and IT solutions uniquely well in the near future. • A minimalist OS such as Red Hat Enterprise Atomic Host or Microsoft Nano Server; Benefit Rating: Transformational a purpose-built OS such as Cumulus Linux (used for network switches); or a standard OS Market Penetration: 5% to 20% of target reduced to the essentials. audience • Optionally, OS containers with container Maturity: Adolescent management and orchestration.

Sample Vendors: Amazon; Apple; Google; • Scale-out application infrastructure, Microsoft architected for resilience to failure at lower levels of the stack. Hyperscale Computing Analysis By: Lydia Leong • The scale-out application, architected for resilience to failure at any level of the Definition: Hyperscale computing is a set of stack, including failure of other application architectural patterns for delivering scale-out components. The application is likely to be IT capabilities at massive, industrialized scale. decomposed into microservices. These patterns span all layers of the delivery of IT capabilities — data center facilities, hardware and Each of these architectural patterns exists system infrastructure, application infrastructure, at different levels of maturity. It is rare for and applications. Nonhyperscale components organizations to have fully implemented can be layered on top of hyperscale components, hyperscale computing; few have the scale of but the overall architecture is only “hyperscale” infrastructure consumption or the extensive through the level where all components use a software engineering skills needed to hyperscale architecture. cost-effectively implement all the custom management software necessary. Thus it is almost solely the domain of companies such as , Google, and Tencent. However, 18

hyperscale cloud services such as Amazon Web Sample Vendors: Amazon Web Services; Services, Microsoft Azure and Cumulus Networks; Facebook; Google; Quanta have made many such capabilities available to Computer; Supermicro IT buyers, who may use these services to deploy nonhyperscale or hyperscale applications. Cloud Managed Services Analysis By: Craig Lowery; Ed Anderson User Advice: Only the most technologically capable early adopters should consider fully Definition: Cloud managed services are IT implementing hyperscale computing themselves, service offerings that provide for the day-to-day and should only consider the purchase of management of and operational responsibility hyperscale servers for massive-scale, horizontally for cloud service environments. Cloud managed scalable applications where all resilience can be services generally include day-to-day monitoring provided by the software. HPC applications may and management of cloud service environments be a good first target. including configuration management, performance management, cost optimization, However, nearly all IT organizations can security and compliance monitoring, capacity benefit from the use of hyperscale cloud management, financial management and services. Hyperscale cloud IaaS uses hyperscale governance. Cloud services brokerage is often architectures at the management plane level delivered as a cloud managed service. and below for VM-based IaaS, or at the container level and below for container-based IaaS. Position and Adoption Speed Justification: Providers may also offer hyperscale PaaS layer Cloud managed services can meet many of the services, which use hyperscale architectures at needs of organizations today. However, providers the application infrastructure level and below. have varying levels of capability based on Customers must write scale-out applications the specific technologies and personnel roles to take full advantage of these capabilities, but they use to deliver their services. The use of even nonhyperscale applications can benefit from automation in the delivery of cloud managed the cost efficiencies of the underlying hyperscale services is a significant differentiator. Like end- infrastructure. user organizations, providers are faced with the challenges of sourcing tools and developing IT organizations may also benefit from a skilled workforce to meet the demands hyperscale-derived architectural patterns at of a growing, volatile market. Cloud service particular layers, since these patterns often providers also typically provide consultative represent best practices for scalability at each of and implementation (professional) services, those layers. Web-scale IT derives its inspiration again with varying degrees of capability across from hyperscale architectural patterns and should providers. be considered as a practical alternative. Demand for cloud managed services will Business Impact: Hyperscale computing continue to increase as organizations move has the potential to dramatically lower the from simple to more complex cloud use total cost of ownership (TCO) of infrastructure cases, often involving hybrid cloud solutions. and applications. However, much of this TCO Strong cloud managed services providers will reduction is due to the purpose-built nature demonstrate cloud capabilities aligned with of most hyperscale architectures, which are hyperscale IaaS+PaaS providers and will embrace usually highly tailored to run a small number of new technology innovations such as artificial applications or specific application patterns. The intelligence, automation, data services, IoT and broader the workloads that must be supported, edge computing. the lower the potential cost savings. In the near term, most organizations will not implement User Advice: Organizations considering cloud hyperscale computing themselves, but instead managed service offerings must carefully assess will use hyperscale cloud services. providers to ensure the provider has sufficient current expertise and a track record of success. Benefit Rating: Transformational Providers typically offer cloud-related IT service offerings across the adoption spectrum from Market Penetration: 1% to 5% of target advisory services (design), implementation audience services (build) and managed services (run). Look for providers with capabilities across this Maturity: Adolescent continuum and a defined product roadmap. These attributes are present in the providers that 19

are most likely to have a full understanding of Benefit Rating: High cloud-specific requirements and therefore the most complete cloud professional and managed Market Penetration: 5% to 20% of target service capabilities. audience

Other factors to consider: Maturity: Adolescent

• Demonstrable partnerships with leading cloud Sample Vendors: 2nd Watch; Accenture; providers, including partner status in cloud Allcloud; Cloudnexa; Cloudreach; Deloitte; DXC; provider partner programs Rackspace; Tata Consultancy Services

• Proven expertise and commitment to Cloud Service Expense Management long-term support of your strategic cloud Analysis By: Dennis Smith provider(s) Definition: Cloud service expense management • Certifications held by individual engineers, (CSEM) is the practice of reviewing and operators and deployment managers reconciling the charges for services provided by external cloud service providers (CSPs). A set of • Customer use cases demonstrating successful vendors provide tools to answer questions such delivery of managed service offerings as, “Did you get what you paid for?” and “Are you paying for the right things?” Managing cloud • Expertise in the industry, region and country expenses is becoming increasingly important, associated with the target environment because, as organizations increase the number of cloud services they use, many don’t understand • Demonstration of innovation in delivering new their external cloud consumption and the capabilities beyond cloud associated expenses. • Integration of noncloud capabilities in an end- Position and Adoption Speed Justification: to-end visibility and management scheme The need to provide cost management within cloud deployments has become prominent as • Investment in cloud and digital technologies investment in public cloud resources grows consistent with market trends, such as and the need for expense transparency also multicloud management and hybrid cloud increases. Organizational maturity regarding computing CSEM continues to lag. The energy associated with using external cloud resources has outpaced Selecting a cloud managed services provider efforts to gain a deeper view of expenses. may create a dependency on the provider that can be difficult to sever in the event the provider There is increased industry awareness of the need cannot successfully deliver the offering. Perform for this functionality as public cloud adoption has a careful and thorough inspection of the services increased. Many vendors that initially provided prior to making long-term commitments. CSEM functionality are now combining this with related functionality such as governance and/ Business Impact: Cloud managed services can or cloud workload optimization. Initially, cloud fill a critical function in managing and operating management platforms (CMPs) did not address a cloud service environment. When coupled CSEM, but recently more CMPs have added the with innovation, cloud managed services can functionality. Additionally a number of stand- help an organization exploit the full capabilities alone CSEM vendors have been acquired with of the cloud for near- and long-term benefits. their capabilities being integrated with other Most organizations will engage cloud managed capabilities provided by the acquiring company services to assist with the immediate challenges (often workload optimization and governance). of running a complex cloud environment, usually after assisting with a mass migration from an on- User Advice: IT leaders need a strong premises facility. In this case, the organization will understanding of their external cloud expenses. recognize only moderate benefits. However, when They should deploy processes and tools to: organizations work with their providers to unlock the uniquely disruptive potential possibilities • Determine who in the organization is of cloud and engage in more innovative, digital spending money on cloud resources. processes, the outcomes can be transformative and return far greater value for the organization on its cloud computing investment. 20

• Ascertain whether they’ve gotten what they case of hybrid cloud computing, which is a paid for — to gain an understanding of the broader term. expense, IT leaders need to know whether they received the appropriate services Hybrid cloud refers to multiple cloud services associated with the expenditure. from multiple providers. It does not specify the origin of those services, but in most cases a • Obtain the best value possible — IT leaders public source and a private source are involved. need to track the services they need against Hybrid cloud, as a broad term, is subject to more the expenses incurred, and to determine hype and confusion and is more common. whether there are more efficient ways of obtaining the same required services. Position and Adoption Speed Justification: Multicloud computing can be planned or can • Evaluate usage for what was contracted — evolve due to multiple groups in an organization overprovisioning can be costly, so IT leaders making decisions to procure multiple services need to identify whether they’re using the from different providers. An example of this services for which they’ve paid. is when multiple cloud providers are used as part of a high availability or redundancy or exit • Align expenses to needs — IT leaders need to strategy in a planned manner. Multicloud is much be able to interrogate the expenses incurred more common in IaaS (and converged IaaS/ and to determine whether they’re being PaaS) scenarios than SaaS. While it is possible properly applied to real imperatives. for multi-SaaS environments in an organization, these would typically be stovepiped types of If you are looking to select or have deployed a situations. Multicloud does not include very CMP tool, look to see what CSEM capabilities are common situations such as using Amazon Web provided. Services (AWS) for IaaS and Microsoft Office 365 for cloud office SaaS. Do not accept your service provider’s invoice at face value. Even if it’s accurate, you can probably Multicloud computing can provide advantages of identify potential expense reductions or invest lowering the risk of cloud provider lock-in, can in more processing power for applications or specify functional requirements that a business services that create additional business value. unit may have, and can provide service resiliency and migration opportunities, in addition to the Business Impact: CSEM has the potential to core cloud benefits of agility, scalability and affect business services and processes across all elasticity. verticals. This involves the ability to compare costs, identify waste and create more-efficient As with many cloud-related concepts, there are spending opportunities. Treating public cloud many variations in real-world use and scope. resources in a businesslike manner — optimizing In this case, there are “multicloud strategies” resource unitization and managing spending that entail the various goals (e.g., exit strategy, — will enhance IT’s credibility by delivering portability, use of multiple providers — but don’t business value in terms that business leaders specify details) and “multicloud solutions” (which understand. rely on architectural principles and specific implementation details). Benefit Rating: High User Advice: When using multiple cloud Market Penetration: 5% to 20% of target computing services, establish security, audience management, governance guidelines and standards to manage cloud service sprawl and Maturity: Adolescent increasing cost, and develop decision criteria to decide placement of services. Multicloud Sample Vendors: Cloudability; CloudCheckr; implementations will need coordination and CloudHealth Technologies; RightScale strategy across the enterprise to identify the type of services needed and deliver the benefits Multicloud of a cloud environment. IT organizations will Analysis By: David Mitchell Smith also need training, skilled engineers, and be prepared for the additional expense. Use of a Definition: Multicloud computing refers to the cloud management platform (CMP) and/or a use of cloud services from multiple public cloud cloud service brokerage (CSB) in a multicloud providers for the same purpose. It is a special 21

environment can enable organizations to Most common use of container is focused implement governance and optimizations, but specifically on Linux environments, and care must be taken to not just shift vendor lock- management software follows accordingly. Native in to a CMP or CSB vendor. containers have been introduced to in Windows Server 2016, but still Business Impact: Multicloud provides an significantly lag Linux containers in every respect. organization with agility and the potential of some target cost optimization opportunities. It Among the functionality that container also provides a basis to lower cloud provider lock- management systems provide are orchestration in and increase workload migration opportunity. and scheduling; monitoring and logging; security and governance; registry management; and links Benefit Rating: High to CI/CD processes. Among the vendor offerings are hybrid container management software, Market Penetration: 1% to 5% of target public cloud infrastructure as a service (IaaS) audience solutions specifically designed to run containers, and PaaS frameworks that have incorporated Maturity: Adolescent integration with container management software.

Sample Vendors: Amazon; Google; IBM; There is a high degree of interest in, and Microsoft; Oracle awareness of, containers within early-adopter organizations, particularly in North America, and Container Management significant grassroots adoption from individual Analysis By: Dennis Smith; Arun Chandrasekaran developers. Consequently, containers will be used with increasing frequency in development Definition: Container management software and testing — particularly for Linux. Early adopter supports the management of containers at organizations are using container runtimes scale in production environments. This category in production environments, and many IT of software includes container runtimes, organizations have begun to explore how such container orchestration, job scheduling, resource use would alter processes and tools in the future. management and other container management Container management software is likely to capabilities. Container management software remain an early-adopter technology for the next brokers the communication between continuous year or two. integration/continuous deployment (CI/CD) pipeline and the infrastructure via APIs and aid in User Advice: Organizations should begin life cycle management of containers. exploring container technology as a means for packaging and deploying Linux applications Position and Adoption Speed Justification: and their runtime environments. Depending Interest in containers is rising sharply, due to on the environment, container management the introduction of container runtimes, which tools are often deployed complementarily with have introduced common container packaging continuous configuration management tools. formats that are more easily consumable by, and As container integration is added to existing useful to, application developers and those with DevOps tools and to the service offerings of a DevOps approach to IT operations. Container cloud IaaS and PaaS providers, DevOps-oriented runtimes, frameworks and other management organizations should experiment with altering software have increased the utility of containers their processes and workflows to incorporate by providing capabilities such as packaging, containers. An organization may be a good placement and deployment, and fault tolerance candidate for exploring a cloud-native container (e.g., cluster of nodes running the application). management tool in conjunction with OS Container management software integrates these containers (as an alternative to hypervisor-based various elements to simplify deploying containers cloud management platforms), if it meets the at scale. Many vendors enable the management following criteria: capabilities across hybrid cloud or multicloud environments by providing an abstraction layer • It’s DevOps-oriented or aspires to become across on-premises and public clouds. Container DevOps-oriented management software can run on-premises, in public infrastructure as a service (IaaS) or • It has high-volume, scale-out applications simultaneously in both for that purpose. with a willingness to adopt microservices architecture; or large-scale batch workloads 22

• It’s able to ensure security and isolation to Position and Adoption Speed Justification: enable trust between containers Enterprises continue to add IoT capabilities to assets and products, seeking benefits such • It intends to use an API to automate as asset optimization, better interactions with deployment, rather than obtaining customers, and new business opportunities such infrastructure through a self-service portal as product as a service. The sophistication, scale and business value of these interactions call for Business Impact: Container runtimes make specialized technology resources, resulting in the it easier to take advantage of container IoT platform. The IoT platform may be deployed in functionality, including providing integration a hybrid cloud or edge fashion to meet technical with DevOps tooling and workflows. Containers or business objectives. The edge software is provide productivity and/or agility benefits, further distributed between the endpoints and including the ability to accelerate and simplify gateways. the application life cycle, enabling workload portability between different environments and Continued vendor hype, along with culture, improving resource utilization efficiency and schedule, security and technical challenges for more. Container management software simplifies IoT projects, has pushed IoT platforms past the the art of achieving scalability, production Peak of Inflated Expectations. 2018 sees many readiness and optimizing the environment to large vendors reorganizing their IoT businesses meet business SLAs. and evolving their offerings and market strategy. A further complication is the rise of embedded Benefit Rating: Moderate solutions by OEMs using them as part of existing business operations. These issues also lead us to Market Penetration: 5% to 20% of target push out the time to plateau to five to 10 years. audience User Advice: CIOs should factor in the following Maturity: Emerging for their IoT platform strategy:

Sample Vendors: Amazon Web Services; • Project strategy: Identify the range of IoT Docker; ; Mesosphere; projects for your enterprise, and segment Microsoft Azure; Pivotal; Rancher Labs; Red Hat them by their complexity and business objectives. This will help you establish a IoT Platform flexible, multivendor architecture. Start Analysis By: Alfonso Velosa; Eric Goodness; with smaller initiatives to build momentum, Benoit J. Lheureux test business hypothesis and acquire implementation lessons, while limiting Definition: An Internet of Things (IoT) platform is enterprise and career risk. software that enables development, deployment and management of solutions that connect to • Skills: IoT projects will require new and capture data from IoT endpoints. It is a suite capabilities for your organization. Build an IoT of functional capabilities: capabilities gap analysis, a skills migration plan, and training program for your developers • Device management and business analysts. In parallel, perform an assessment of IoT skill sets within your • Integration enterprise. Plan to leverage a service partner to ramp up as you train internal resources. • Data management • Platform customization: Understand that • Analytics an IoT platform is a starting point. No IoT platform will work straight off the shelf. • Application enablement Customize the platform to build a solution for your unique circumstances (for example, • Security adding third-party security or device support or analytics to meet special needs). It may be delivered as a hybrid combination of edge software platform and/or cloud IoT platform • Vendor selection: Evaluate candidate IoT as a service. platforms in terms of their fit-to-your- business objectives and technology, but expect roadmaps to evolve quickly in the 23

fast-changing IoT market. Key criteria will be Position and Adoption Speed Justification: vendor capabilities to scale from proofs of Machine learning is still one of the hottest concept to operational-scale deployments, concepts in technology, given its extensive vertical market expertise, their partner range of effects on business. The drivers of its ecosystem and customer references. continued massive growth and adoption are the growing volume of data and the complexities that Business Impact: There is a significant conventional engineering approaches are unable opportunity from IoT-enabled business moments to handle. An increasing number of organizations to achieve greater business value. This includes are exploring use cases for machine learning making better decisions from the insights, and many are already in the initial phases of information and data that are generated by pilot/POC. Tech providers are adding embedded instrumented assets, and providing better control machine learning capabilities into their of things distributed across the enterprise and its software. Despite the heightened interest in the external stakeholders. Unfortunately, this data technology, most organizations are still dabbling has been largely locked in the assets — mostly in their approaches to machine learning. Finding due to lack of connectivity, but also because of relevant roles and skills needed to implement lack of systems and governance processes to machine learning projects is a challenge for such obtain and share this data systematically. organizations. As the volume and sources of data increase, the complexity of systems will also IoT platforms act as the intermediary between grow and, in such scenarios, traditional software the “thing” and the IT and OT systems and the engineering approaches would produce inferior business processes. Therefore, they facilitate the results. In the future, advances in many industries introduction of a new potentially transformative will be impossible without machine learning. wave of digital business innovation and digital transformation to enterprises. IoT platforms User Advice: For data and analytics leaders: provide the middleware foundation to implement asset-centered business solutions — and are • Start with simple business problems for part of a broader technology solution to manage which there is consensus about the expected multiple IoT applications in an agile/flexible outcomes, and gradually move toward fashion. complex business scenarios.

Benefit Rating: High • Utilize packaged applications, if you find one that suits your use case requirements. These Market Penetration: 5% to 20% of target often provide superb cost-time-risk trade-offs audience and significantly lower the skills barrier.

Maturity: Adolescent • Nurture the required talent for machine learning, and partner with universities and Sample Vendors: ABB; Atos Origin; Bosch thought leaders to keep up to date with the Software Innovations; GE Digital; LTI; OpenText; rapid pace of advances in data science. Create an Prodea Systems; relayr; Software AG; WSO2 environment conducive to continuous education, and set explicit expectations that this is a Machine Learning learning process and mistakes will be made. Analysis By: Shubhangi Vashisth; Alexander Linden; Carlie J. Idoine • Track what initiatives you already have underway that have a strong machine learning Definition: Machine learning is a technical component — for example, customer scoring, discipline that aims to solve business problems database marketing, churn management, utilizing mathematical models that can extract quality control and predictive maintenance knowledge and pattern from data. There are three — to accelerate machine learning maturation major subdisciplines that relate to the types of through cross-pollination of best practices. observation provided: supervised learning, where Monitor what other machine learning observations contain input/output pairs (also initiatives you could be a part of and what known as “labeled data”); unsupervised learning your peers are doing. The choice of machine (where labels are omitted); and reinforcement learning algorithms is also influenced by the learning (where evaluations are given of how ability to explain how the algorithm arrived at good or bad a situation is). a certain outcome. 24

• Assemble a (virtual) team that prioritizes Sliding Into the Trough machine learning use cases, and establish API Economy a governance process to progress the most Analysis By: Paolo Malinverno valuable use cases through to production. Definition: The API economy is a set of business • Focus on data as the fuel for machine learning models and channels. It is based on secure by adjusting your data management and access of functionality and exchange of data to information governance for machine learning. an ecosystem of developers and the users of the Data is your unique competitive differentiator app constructs they build. It is offered through and high data quality is critical for success APIs, either within a company or using the of machine learning initiatives. Although internet, with business partners and customers. the choice of fundamental machine learning algorithms is fairly limited, the number Position and Adoption Speed Justification: of algorithm variations and available data APIs have always been everywhere, but they sources are vast. were rarely used by anyone other than the development group that designed them. The Business Impact: Machine learning drives basic principle of the API economy is that APIs improvements and new solutions to business can be new products that a company offers to problems across a vast array of business, open new business channels, advance a digital consumer and social scenarios: transformation, entice an ecosystem of partners or to sell more of its traditional products. • Automation When we use a smartphone app, or book a ticket • Drug research for our favorite concert, we use APIs — we live in an API economy already. As companies execute • Customer engagement digital strategies, and smart devices consume APIs, this is only going to grow. • Supply chain optimization The API economy has established itself, as a • Predictive maintenance precursor of digital strategies, and the primary • Operational effectiveness way to grow an ecosystem. It has now passed the Peak of Inflated Expectations, the hype is • Workforce effectiveness decreasing, and it is sliding quickly into the Trough of Disillusionment. Even if fewer people • Fraud detection talk about the API economy today, everybody realizes the role of APIs in digital transformations, • Resource optimization and the original concept of the API economy lives on. Machine learning impacts can be explicit or implicit. Explicit impacts result from machine User Advice: Read “Top 10 Things CIOs Need learning initiatives. Implicit impacts result from to Know About APIs and the API Economy” and products and solutions that you use without understand the following: realizing they contain machine learning. 1 To start an API program, you don’t start from Benefit Rating: Transformational the APIs, you start from the needs of the applications consuming them. Market Penetration: 5% to 20% of target audience 2 APIs are doors into your data and the functions of your IT systems: Secure them Maturity: Adolescent properly; once an API is out there, people will use it for purposes you never thought about. Sample Vendors: Alteryx; Amazon Web Services; Domino Data Lab; Google Cloud Platform; H2O. 3 Just running hackathons for fun will not get ai; IBM (SPSS); KNIME; Microsoft (Azure Machine you any place (or value). Learning); RapidMiner; SAS 4 You don’t monetize most APIs directly, indirect is the most common model in the API economy today. 25

5 Only build APIs that already have an identified Cloud-Native Application Architecture consumer. Analysis By: Anne Thomas

6 APIs are at the center of modern application Definition: Cloud-native application architecture architectures, and API mediation enables the is a set of application architecture principles and outside-in model for applications that the API design patterns that enables applications to fully economy is based on. utilize the agility, scalability, resiliency, elasticity, on- demand and economies of scale benefits provided 7 Bimodal for applications needs APIs, and vice by cloud computing. Cloud-native applications versa. are latency-aware, instrumented, failure-aware, event-driven, secure, parallelizable, automated and 8 Don’t build it, they won’t come: Enticing resource-consumption-aware (LIFESPAR). developers is becoming a full science, and is the basis of the value system of the API Position and Adoption Speed Justification: Many economy; create the role of API product organizations are adopting cloud platforms to manager to govern APIs through a life cycle. gain agility, scalability and resiliency benefits to support their digital business initiatives. 9 Tailor your API experiences for the consumers, Market data clearly indicates the shift to cloud but keep versions under tight control: An platforms: Currently, the application platform API management platform will allow the as a service (aPaaS) market is about 82% of the API to behave differently depending on the size of the application platform software market consumer. (where revenue predominantly comes from sales of traditional application servers). But the 10 Consuming APIs will be more common than application platform software market is shrinking providing APIs. slightly, while the application platform as a service (aPaaS) market is growing rapidly (12% annually). Business Impact: A platform offering APIs is the Meanwhile, sales of cloud-enabled application basis of a digital strategy, and companies will platform (CEAP) software (which can be deployed either use somebody else’s platform (thus being on-premises on IaaS) are also starting to supplant part of one of more ecosystems) or build one, traditional application server sales. In 2017, aPaaS creating a fresh ecosystem using it. APIs provide and CEAP sales together exceeded traditional the technical foundation to a platform business. application server software sales. Several business models are associated with Out of necessity, organizations are starting to publishing APIs. Companies gain different adopt cloud-native architecture to make the most types of value from publishing APIs or running of cloud benefits and to ensure their applications hackathons to build innovation and get new are scalable and resilient. Organizations that ideas on a platform — value that goes beyond simply lift-and-shift traditional three-tier enhancing your company image by appearing applications to aPaaS or CEAPs often find that innovative. In some cases, especially when they perform poorly. Most traditional applications the product can be delivered electronically include cloud anti-patterns, consume excessive (for example, TV access to yesterday’s final resources, and aren’t able to fail and recover of a sporting event), companies can directly gracefully. Developers must presume that charge for API volume usage. However, the most cloud-based resources are not resilient, and common model in the API economy today is cloud-native patterns build resiliency into indirect, where a company provides free access the application. Developers also must adapt to the APIs they publish in return for a leaner/ their application architecture to support quicker/more efficient execution of a business DevOps practices that go along with cloud process (like ordering goods in a supply chain), platforms, including self-service and automated or for increased sales of a traditional product (for provisioning, blue/green deployments, and instance, travel companies get more bookings if canary testing. A basic set of rules known as the they publish APIs into their reservation systems). “twelve-factor app” ensures that applications can Benefit Rating: Transformational support these practices.

Market Penetration: 20% to 50% of target User Advice: Application architecture leaders audience should:

Maturity: Early mainstream • Develop a strategy to deal with the obsolescence of three-tier client/server 26

architecture. Retain traditional application that applications are optimized for a shared servers for existing legacy applications, but infrastructure environment, thereby reducing use lightweight infrastructure and cloud- costs through pay-for-use pricing models and native frameworks for digital business denser resource utilization. application development projects. Benefit Rating: Moderate • Adopt aPaaS or CEAP to help increase agility and to obtain the capabilities required for Market Penetration: 5% to 20% of target digital business. Consider serverless options, audience such as function PaaS, for applications with highly variable loads. Maturity: Early mainstream

• Design all new applications to be cloud- Sample Vendors: Amazon Web Services (AWS); native, or at least cloud-ready, irrespective of Cloud Native Computing Foundation; Docker; whether you currently plan to deploy them Google; ; Microsoft; OutSystems; Pivotal; in the cloud. At some point, you will want to Red Hat; Salesforce deploy them to a cloud platform. A cloud- ready application is one that can safely run on Hybrid IT a cloud platform, although doesn’t fully utilize Analysis By: Thomas J. Bittman cloud characteristics. Definition: Hybrid IT is the operational model • If business drivers warrant the investment, for IT organizations that are trusted brokers for rearchitect or rebuild existing applications a broad range of services from external cloud to be cloud-native and move them to aPaaS. providers and from their own enterprises, using Rehosting legacy applications on IaaS cloud computing styles (private, public and without rearchitecture can offload your data hybrid), as well as traditional computing and center and may save you some money, but it cloud-inspired styles. Hybrid IT is an organizing probably won’t deliver the agility, scalability principle for how IT departments provide IT and resiliency benefits you need. Be sure services and add value to IT services provided by legacy applications are at least cloud-tolerant others. A hybrid IT organization manages multiple before rehosting them — meaning that sourcing models that can change dynamically. they are tolerant of ephemeral or unreliable infrastructure. Otherwise, they are likely to Position and Adoption Speed Justification: experience stability and reliability issues. As interest in and usage of cloud computing services have grown, enterprises are looking for • Use the twelve-factor app rules and the ways to support that usage, but with appropriate LIFESPAR architecture principles to guide governance. Inquiries from Gartner clients on application architecture when designing a the effective governance of cloud services have cloud-native application or when transforming increased significantly during the past few years. an existing application for migration to a Technologies to enable the brokering of cloud cloud. and noncloud services are evolving, and several of them have been acquired by major vendors. • Use opinionated cloud-native frameworks or high-productivity aPaaS tooling to accelerate The cloud providers themselves have little cloud-native development. interest in making cross-service migrations or integration easy, which will increase the demand Business Impact: Organizations want to for an intermediary role. As cloud computing make the most of cloud computing to support services mature, there will be a growing need their digital business initiatives. But they can’t for cross-service management, integration, fully exploit cloud platform benefits without and aggregated hybrid cloud and IT services. cloud-native application architecture. Cloud- Appropriate compliance and security measures native architecture increases business agility will need to be put in place, and the fundamental by enabling DevOps teams to more effectively role of the IT organization and its associated use cloud self-service capabilities, and to skills will need to change, i.e., there will need to support continuous delivery of new features be a shift from “just” a provider role to the role of and capabilities. Cloud-native architecture provider and broker of IT services. also ensures that applications can leverage cloud autoscaling and autorecovery features User Advice: Hybrid IT is different from hybrid to improve system performance and business cloud. Hybrid cloud is the composition of continuity. Cloud-native architecture also ensures 27

multiple services from different providers into in leveraging cloud providers quickly and a single service. Hybrid IT adds value across effectively, redundant overhead costs placed multiple services from different providers, as well on end users, inefficient use of cloud services, as internal technology solutions. Hybrid cloud and cloud provider failures that directly affect will be useful, but relatively uncommon. Hybrid IT the business. Some enterprises — especially will be very common, because most enterprises smaller ones — will fill this intermediary role by will leverage different services from multiple outsourcing to external providers, boutique cloud providers. integration firms and cloud system integrators (i.e., cloud service brokerages). Larger enterprises A successful hybrid IT effort requires the IT should consider this broker role as a critical core organization to focus on three approaches to competency that enables the efficient use of IT being a broker for services: services (internally and externally) and drives significant top-line growth through the more- • Accelerating time to value — getting to the competitive use of cloud services. right solution quickly. Benefit Rating: Moderate • Adding value — customizing as needed; reducing overhead costs and effort; and Market Penetration: 20% to 50% of target managing service levels, financials, problem audience management, etc. Maturity: Early mainstream • Protecting the enterprise — in terms of security, compliance and providers that fail. Sample Vendors: DXC Technology; Hewlett Packard Enterprise; IBM; VMware • Actions that help create a hybrid IT organization include: Cloud Marketplaces

• Creating a core competency center on Analysis By: Ed Anderson provider capabilities, best practices and internal user feedback. Definition: Cloud marketplaces are online storefronts through which customers can • Offering services through a central portal that find and subscribe to cloud service offerings, provides a fast path to services and necessary including IaaS, PaaS and SaaS. Cloud-related IT service information, including single sign- services offerings, such as consulting or migration on (SSO) and consolidated billing and services, are now appearing in some marketplaces. chargeback. Cloud marketplaces are a type of cloud service brokerage, where the marketplace provider • Removing and reducing overhead efforts, such aggregates disparate cloud service offerings (often as managing financials, dealing with problem curated) and presents them as a collection of management and managing the overall service offerings, usually through a portal, and provider relationship. sometimes referred to as “cloud app stores.”

• Integrating applications and data across cloud Position and Adoption Speed Justification: and noncloud environments. Cloud marketplaces are growing in influence as a destination to find and procure cloud These actions will require that new skills and services, applications and service components. organizational structures be developed in IT, Cloud service providers, technology distributors, focused on service orchestration, provider resellers, cloud service brokerage (CSB) providers capabilities and best practices. and even internal IT organizations are building and delivering cloud marketplaces to their Business Impact: Hybrid IT can help the constituents. Cloud app stores, cloud service enterprise leverage cloud computing services catalogs and portals are also types of cloud faster, appropriately, more efficiently, and marketplaces, but they are typically built for with managed and acceptable risk. As cloud consumption by a closed community of users. computing use expands and matures, the requirements for security management, cross- Providers use cloud marketplaces to highlight service coordination, data sharing, service-level their own cloud service offerings and their management and migration paths will grow to partners’ offerings, and to assert their role the point at which enterprises without hybrid IT in the delivery of cloud services. Cloud will have serious competitive issues — delays 28

marketplaces also reinforce the importance of • General-purpose marketplaces, with cloud the supporting cloud platform, and successful services from different providers (example: cloud marketplaces can help strengthen the RightScale). competitive position of the underlying cloud platform. Cloud offerings are often built by third- • Vertical industry marketplaces, with cloud party independent software vendors (ISVs). services designed for specific vertical industry needs or use cases (example: government Cloud service subscribers use cloud marketplaces cloud marketplaces). as a means to simplify the process of finding, purchasing and using cloud services, in addition • Marketplaces of complementary software to value-added services and applications from images built for a specific cloud platform. other complementary third-party offerings. These marketplaces are effectively software Marketplaces can also be used to highlight catalogs, with purchasing and delivery preapproved or sanctioned services, which can capabilities (example: Amazon AWS complement cloud governance policies for Marketplace). approved cloud service usage. Cloud service aggregation features, such as unified billing, are Organizations should assess the benefits of often included. value-added services offered through cloud marketplaces. Value-added services may be Cloud marketplaces are often, but not always, a available as business services (such as billing, type of CSB built on cloud brokerage enablement compliance, vertical industry specialization and tools. CSB providers use cloud marketplaces managed services) or technology services (such as as a form of intermediation, where additional integration, monitoring, service delivering, security services can be added, including integration, and customization). Working with providers customization, aggregated billing and governance. in a cloud brokerage model, often through a Innovations in CSB will improve the capabilities of cloud marketplace, may provide benefits that cloud marketplaces and increase the proliferation map well to the organization’s cloud sourcing of marketplaces. As marketplaces address strategy. Internal cloud marketplaces, delivered a broader and more specific set of end-user by an internal CSB, can deliver similar benefits. requirements, including simplified billing, ease Conversely, cloud marketplaces may provide a of procurement of services and software, and level of intermediation that may make it more implementation and prebuilt integration, the use difficult for the organization to interact with the of cloud marketplaces will increase. cloud service or the cloud service provider.

User Advice: The cloud marketplaces currently Business Impact: Third-party cloud in market and in use by organizations have marketplaces will be most popular with smaller very different capabilities and serve different organizations that benefit from the value- purposes. Most, including those offered by cloud added capabilities of cloud marketplaces, or service providers, are basic in their capabilities, business units within large organizations. Larger although more sophisticated offerings have organizations will also make use of cloud emerged in the market. The most fundamental marketplaces associated with their chosen cloud type of marketplace is nothing more than a platform. Organizations with sophisticated IT directory of cloud service offerings, with no capabilities may establish a cloud marketplace value-added capabilities beyond the catalog. as part of an internal CSB, designed to facilitate More sophisticated cloud marketplaces include usage of internal and external cloud services, additional services, such as authentication and and to provide management and control over the authorization, metering, aggregated billing and organization’s collection of cloud services. reporting, provisioning, data management and integration, compliance, and security. Benefit Rating: Moderate

Organizations should look for cloud marketplace Market Penetration: 5% to 20% of target offerings with the software and services that audience meet their cloud service platform requirements and value-added service needs: Maturity: Adolescent

• Marketplaces of cloud services built to Sample Vendors: Amazon Web Services; enhance or extend a specific cloud service Google; IBM; Ingram Micro; Microsoft; RightScale; offering (example: Salesforce AppExchange). Salesforce 29

Cloud Networking applications that still reside in the customer’s Analysis By: Sid Nag data centers.

Definition: Cloud networking is a service offered • Cloud applications may need to interact with by service providers to connect disaggregated other applications running in a different cloud hybrid IT and hybrid cloud environments. provider’s cloud data center. Cloud networking services provide robust interconnectivity between external cloud data • Due to governance and compliance reasons, centers and a customer’s on-premises data the data associated with an application centers. Cloud networking services typically running in the cloud may still have to reside include capabilities that address quality of in the customer’s data centers. service and latency, and network availability for All of these scenarios create a need for a robust applications that require reliable connectivity connectivity model in order to achieve optimal between the customer’s premises and an external application performance. cloud service. Business Impact: Cloud networking challenges Position and Adoption Speed Justification: rank among the top inhibitors to the use of public In the next two to five years, cloud networking cloud services. Cloud networking challenges, will be a major criteria for selection of cloud which ranked among the top four challenges providers by 50% of enterprises. Organizations to the adoption of cloud, have received less should select providers that must include attention in the industry despite being a critical cloud networking as a cornerstone of their element that many organizations are concerned cloud-managed services offerings as issues about. It is clear that cloud interconnect with network connectivity across the hybrid IT architectures are important for all applications environment and multiple cloud providers data across the disaggregated hybrid cloud and centers increase in complexity. Cloud networking hybrid IT environments. Moving forward, also has a part in building and managing secure however, as organizations move vertical-specific private networks over the public internet by mission-critical applications to the cloud, cloud utilizing global cloud computing infrastructure. interconnect architectures will become even In cloud networking, the traditional network more critical. functions and services, including connectivity, security, management and control, are delivered Benefit Rating: High as a service in the cloud. Market Penetration: 5% to 20% of target User Advice: Users should look for cloud audience networking offerings that include capabilities to select the right connectivity provider whether Maturity: Early mainstream it is a cloud provider, an exchange provider or a traditional ISP. User must also make sure that Sample Vendors: Amazon Web Services (AWS); the adequate quality of service and latency and AT&T; CenturyLink; Digital Realty; Equinix; Google availability issues are addressed, especially for Cloud Platform; Microsoft Azure; QTS Realty Trust; mission-critical applications that are running Verizon; VMware in the cloud. This offering should also get into issues related to dual homing, peering point Software-Defined Infrastructure selection, route advertising and other networking issues. Other capabilities to look for include Analysis By: Philip Dawson rapid provisioning of MPLS, VPN and SD-WAN Definition: In 2018, software-defined support for complex overlays for connecting an infrastructure (SDI) is absorbing the broad set of organization’s on-premises locations into the software-defined anything (SDx) infrastructure cloud provider’s data center. Furthermore, it components. SDI combines the software-defined should provide cost comparisons of selecting one data center (SDDC) IP. SDI also captures not only connectivity provider over the other. non-data-center infrastructure deployed in Mode As users move applications into the cloud, cloud 2 Internet of Things (IoT) applications, but also networking requirements may emerge: an SD Edge of edge-based adapters, monitors, gateways, appliances and machines. • There will often be a requirement for the application running in a cloud provider’s data Position and Adoption Speed Justification: center to interact and interoperate with other Data center infrastructure is well-covered with 30

compute (SDC), network (SDN) and storage worlds — the cost optimization, agility, flexibility, (SDS), but SDI also extends to non-data-center scalability and elasticity benefits of public cloud, infrastructure with the use of monitors or in conjunction with the control, compliance, machines that are increasingly software-defined. security and reliability of private cloud. As a This is through the use of sensors and adapters result, virtually all enterprises have a desire to that are not only hardware-focused, but also augment internal IT systems with external cloud abstracted through software, becoming SDI in services. The solutions that hybrid cloud provides Mode 2 IoT and operational technology, rather include service integration, availability/disaster than traditional, IT-driven SDI through a Mode 1 recovery, cross-service security, policy-based data center. workload placement and runtime optimization, and cloud service composition and dynamic User Advice: As SDI initiatives roll out, consider execution (for example, cloudbursting). the integration and measurement of non-data- center edge infrastructure. Start with and focus A hybrid cloud computing architecture enables on core Mode 1 SDI for compute, network, multicloud implementations. While most storage and facilities, but consider the impact organizations are integrating applications and of Mode 2 SDI around the IoT, edge computing, services across service boundaries, we estimate remote office/branch office and other operational approximately 10% to 15% of large enterprises technology. Key IoT distributed verticals (such as have implemented hybrid cloud computing retail, manufacturing, retail banking, distribution beyond this basic approach — and for relatively and utilities) are encapsulating non-data-center few services. This decreases to less than 10% SDI initiatives for Mode 2 operations and for midsize enterprises, which mostly are functions. implementing the availability/disaster recovery use case. While most companies will use some Business Impact: With the increase of the IoT form of hybrid cloud computing during the touching edge-based operational technology, next two years, more advanced approaches SDI will reach beyond and between SDDCs, lack maturity and suffer from significant setup and leverage SDx benefits and features for new and operational complexity. Positioning on multimode applications and edge endpoints. the Hype Cycle advances toward the Trough of Disillusionment as organizations continue to Benefit Rating: High gain experience in designing cloud-native and optimized services, and seek to optimize their Market Penetration: 20% to 50% of target spending across on-premises and off-premises audience cloud services. However, this is different from hybrid IT, which is where IT organizations act as Maturity: Early mainstream service brokers as part of a broader IT strategy and may use hybrid cloud computing. Hybrid IT Sample Vendors: IBM; ; Microsoft; Red Hat; services are professional services that provide VMware; Wipro cloud service brokerage (CSB), multisourcing, service integration and management capabilities Hybrid Cloud Computing to customers building and managing an integrated Analysis By: Milind Govekar; Dennis Smith; hybrid IT operating model. These services are David W. Cearley provided by vendors (such as Accenture, Wipro, Tata Consultancy Services [TCS]) and other service Definition: Hybrid cloud computing is the providers and system integrators. coordination of cloud services across public, private and community cloud service providers Microsoft has launched Azure Stack and VMware to create another cloud service, which is how it has launched Hybrid Cloud Extension to support differs from multicloud computing. A hybrid cloud hybrid cloud implementations — mainly hybrid computing service is automated, scalable, elastic, cloud orchestration. has self-service interfaces and is delivered as a shared service using internet technologies. User Advice: When using hybrid cloud Hybrid cloud computing needs integration computing services, establish security, between the internal and two or more external management, and governance guidelines environments at the data, process, management and standards to coordinate the use of these or security layers. services with internal (or external) applications and services to form a hybrid environment. Position and Adoption Speed Justification: Approach sophisticated cloudbursting and Hybrid cloud offers enterprises the best of both 31

dynamic execution cautiously because these are Position and Adoption Speed Justification: the least mature and most problematic hybrid As cloud computing continues to become more approaches. To encourage experimentation and mainstream while skills and knowledge remain cost savings, and to prevent inappropriately risky scarce, the awareness of cloud brokering (either implementations, create guidelines/policies taken on internally or outsourced to a service on the appropriate use of the different hybrid provider) continues to increase. This has cloud cloud models. Coordinate hybrid cloud services services brokering moving steadily toward the with noncloud applications and infrastructure Plateau of Productivity, although maybe more to support a hybrid IT model. Consider cloud slowly than initially expected by some. As management platforms, which implement and companies continue to formulate their cloud enforce policies related to cloud services. If strategies, the role of internal IT as a cloud your organization is implementing hybrid IT, service broker has become a role model for many consider using hybrid cloud computing as the IT organizations. foundation for implementing a multicloud broker role and leveraging hybrid IT services and service The area related to cloud services brokering that providers to complement your own capabilities. has, however, grown the fastest over the last few years is the segment of third-party managed Business Impact: Hybrid cloud computing service providers (MSPs). These MSPs offer added- enables an enterprise to scale beyond its data value services for cloud migration and managed centers to take advantage of the elasticity of the services on top of cloud infrastructure. Providers public cloud. Therefore, it is transformational come from a wide variety of backgrounds, when implemented because changing business including system integration, managed hosting requirements drive the optimum use of private and full-service outsourcing, which compete with and/or public cloud resources. This ideal pure-play startups. approach offers the best possible economic model and maximum agility. It also sets the Providers of CSB-enabling technologies stage for new ways for enterprises to work with include dedicated cloud brokerage platforms, suppliers and partners (B2B), and customers cloud management platforms with embedded (B2C), as these constituencies also move toward brokering capabilities, and a wide variety of a hybrid cloud computing model. cloud management point solutions. We have seen a significant wave of acquisitions of these Benefit Rating: Transformational enablement companies by a variety of (managed) service providers. Market Penetration: 5% to 20% of target audience User Advice: In the area of SaaS, providers of cloud services tend to focus on a narrow set of Maturity: Adolescent functionality (for example, expense management, HR support, CRM, big data analysis, office Sample Vendors: Hewlett Packard Enterprise productivity, or file storing and sharing) at an (HPE); IBM; Microsoft; OpenStack; Rackspace; enormous scale. The result is that enterprises will RightScale; VMware use multiple cloud services from numerous SaaS providers. Meanwhile, we see in the infrastructure Cloud Service Brokerage area that the preference for multicloud cloud Analysis By: Gregor Petri; Sid Nag strategies continues to increase.

Definition: Cloud service brokers combine In this multivendor environment, your technology, people and methodologies to help organization needs to find the right balance. (internal or external) organizations consume In some cases, your organization can take on cloud services. Cloud service brokerage (CSB) is the role of an internal service broker to provide defined as an IT role and business model in which multiple cloud services to both internal and a company or internal entity adds value to one external customers via a brokerage enablement or more (public or private) cloud services. This is platform/app store. And for some other cases, done on behalf of one or more consumers of that your organization can turn to the app store or service by providing an aggregation, integration, marketplace of an external cloud services broker. customization and/or governance role. CSB enablers provide technology to support cloud Consider outsourcing the CSB role to an external service brokering activities. service provider if you lack the requisite CSB skills and capabilities, or when an external provider can best meet your time-to-deployment 32

or risk management requirements. Make sure as a way to augment and handle peaks in IT to assess potential CSB provider maturity at the system requirements at startup or during runtime. commercial and technical level. Cloudbursting can span on-premises private cloud with public cloud, and may cross cloud providers Consider an internal CSB role when brokering is or resource pools within a single provider. Typical perceived as a required internal core competency. use cases for cloudbursting include the expansion Examples are when you want full unilateral of IT resources across internal data centers, control over cloud consumption, or you are external data centers, or between internal and responsible for delivering IT services across a external data centers. hybrid combination of public and private clouds. Position and Adoption Speed Justification: Give preference to CSB providers or CSB The notion of cloudbursting is based on the idea technology enablers that have a roadmap of “bursting” out of an internal data center to an indicating the broad understanding of the external cloud service (usually infrastructure as emerging role of the CSB as the enterprise a service (IaaS) or platform as a service (PaaS)) strategic intermediary for cloud consumption. when additional computing capacity is needed. Cloudbursting can be implemented as a type Business Impact: Although internal IT has of autoscaling, implemented across service embraced the cloud services broker term, environments. Although cloudbursting includes external providers by and large still shy away any scenario where cloud services are utilized in from using the “broker” label. Instead, they an on-demand fashion when additional capacity prefer terms such as “cloud integrator” or “cloud is required, cloudbursting could also include managed service provider.” They continue to scenarios where less critical resources are moved struggle to find the right business model for to a cloud service in order to free up internal monetizing their value-added brokering activities, capacity for critical on-premises workloads. and the impact of cloud service brokering on the industry will be significant. Today, cloudbursting is often a manually initiated process, but over the next two to three New pure-play brokering service providers years, cloudbursting may become automated are emerging, while large traditional system through the use of triggers and service governor integrators and hosting providers are technology for the following roles: repositioning themselves as brokers instead of trying to compete against rapidly growing • A provisioning time placement role hyperscale cloud providers. Distributors, value- added resellers, independent service providers • A runtime movement role and OEMs are redefining their business models in context of the new cloud service • A runtime expansion role reality. Communications service providers and emerging new players (such as banks and The provisioning time placement role is the financial institutions) are entering the cloud easiest to implement and requires the least service brokering market with small- or midsize- governance insight because services are placed business-focused offerings. based on available capacity and policy. The runtime movement role is harder, may require Benefit Rating: Moderate some downtime and will be less common because moving services between cloud Market Penetration: 5% to 20% of target environments and across different providers is audience often quite complex. The runtime expansion role requires applications to be specifically written or Maturity: Adolescent adapted to cloudbursting, such as scale-out web architectures or batch-computing jobs that can Sample Vendors: Accenture; AppDirect; disperse the work in parallel across distributed Cloudnexa; Cognizant; ComputeNext; DXC data centers. Most applications have storage Technology; Hewlett Packard Enterprise (HPE); and database architectures that cannot be easily Ingram Micro; Rackspace; RightScale adapted to geographically dispersed data centers. Likewise, networking challenges, including Cloudbursting latency, can make cloudbursting unfeasible. Analysis By: Ed Anderson Barriers to cloudbursting usage include the Definition: Cloudbursting is the use of an lack of cross-cloud provider API standards, alternative set of public or private cloud services inadequacy of application instrumentation, root 33

cause analysis and management tools, latency • Implement robust network connectivity and between data centers, security and networking reliable transport between cloud service configuration and automation, and incompatible environments where cloudbursting will occur. application architectures. While penetration in large organizations is 5% to 20%, the number of • Carefully evaluate the financial implications services that make use of actual cloudbursting of the dynamic movement of workloads; there is small and is focused on the more stateless may be significant costs associated with web or application tiers, and less so on the more storage and networking. complex and often stateful data tier. Business Impact: Cloudbursting has the The rising interest in multicloud architectures potential to reduce the overall cost of running has elevated interest in cloudbursting as a means cloud services by dynamically provisioning to leverage cloud capacity and capabilities additional capacity on-demand, and potentially across cloud environments. Although interest from different providers to meet the needs of in multicloud environments is growing, the workloads with variable resource demands. It challenges of implementing cloudbursting enables the use of cloud services to address remain difficult for most types of applications, capacity overflow for on-premises or cloud- particularly complex applications. based systems.

User Advice: Cloudbursting is often cited Benefit Rating: High as one of the primary use cases for hybrid cloud or multicloud environments. In practice, Market Penetration: Less than 1% of target cloudbursting remains an aspirational notion audience for most organizations because of the practical difficulties in implementing cloudbursting. When Maturity: Adolescent considering the use of cloudbursting, it is prudent to take a pragmatic approach, recognizing Sample Vendors: Amazon Web Services; the challenges associated with an operating ; Google Cloud Platform; Hewlett Packard environment that assumes cloudbursting Enterprise; ; Microsoft; OpenStack; capabilities. Select workloads and applications RightScale; ; VMware that are conducive to scale-out execution using parallel and distributed processing models. Private Cloud Computing Analysis By: Thomas J. Bittman • Do not assume that cloudbursting will become a broadly viable approach for Definition: Private cloud computing is a form of workload portability and expansion across cloud computing used by only one organization, cloud services, even when hyped technologies or one that ensures an organization is completely such as “containers” are used. isolated from others. As a form of cloud computing, it has full self-service, full automation • Assess which applications will get value behind self-service and usage metering. It from cloudbursting and whether they meet does not have to be on-premises, or owned or the technical criteria and constraints for managed by the enterprise. implementation such as whether they are designed to be distributed, will not be Position and Adoption Speed Justification: impacted by network latency, and have Private and public cloud computing are at appropriate application instrumentation. opposite ends of the “isolation” spectrum. As public cloud providers have offered virtual private • Account for cloudbursting in the IT service cloud, dedicated instances, and dedicated hosts, architecture of workloads with highly variable the gap between private and public has become a demand to take advantage of extending cloud spectrum of isolation choices. services across cloud environments to meet fluctuating resource demands. Recognize that Organizations that build a private cloud service implementation will require development are emulating public cloud computing providers and integration skills to enable bursting to acquire similar benefits — mainly agility, (for example, security, Internet Protocol mainly for new cloud-native applications, mainly addressing and provisioning) as well as to for business value and growth. This can be for trigger the increase or decrease in capacity, infrastructure as a service (virtual machines or and to write the automation to perform the containers), platform as a service, or in some implementation. situations, . 34

The use of third parties for cloud computing • Build expertise in managing multiple (private and public) has been growing rapidly. The architectural and operational models, and ongoing cost and complexity of building a true multicloud — this is more valuable to an private cloud can be extreme, and the rationale enterprise than expertise in building a single for building your own has been declining. cloud architecture.

This term is also used to describe a very Business Impact: Cloud computing enables different trend, where traditional infrastructures agility that an enterprise can use to react quickly that are being modernized with virtualization, to business requirements in functionality or scale. some automation, and some self-service — Due to economies of scale, cloud computing can leveraging only some valuable attributes of also improve efficiency and lower costs. However, cloud computing, but applying them to existing because leveraging a true cloud computing applications with traditional infrastructure architecture requires applications and operational requirements. However, because these are models designed for cloud computing, the cost of different trends, Gartner does not include this transformation for existing applications does not form of modernization in our definition of always justify the investment. private cloud. But when the goal is IT efficiency or modernization for existing applications, True private cloud computing is used when these “just enough cloud” architectures can be enterprises aren’t able to find cloud services beneficial (but that’s not covered in this profile). that meet their needs in terms of regulatory requirements, functionality or intellectual User Advice: property protection. True private cloud computing is almost always purpose-built for a specific set • Evaluate third-party options first. These of new applications, and their success can be include hosted private cloud, managed measured in revenue or market share. services, alternatives, or public cloud. When the primary goal of a private cloud is IT efficiency, businesses can reduce costs and • Choose your private cloud strategy based improve overall operational efficiency for their on the necessary return on investment existing application portfolios by leveraging cloud or business goals: If business growth or technologies where appropriate, and adding business value for new applications, consider manual or custom intervention, or customized a true cloud architecture; if IT efficiency or changes as needed to support those applications. IT modernization for existing applications, choose cloud-inspired technologies and However, enterprises need to recognize that these methods to implement surgically. Just-enough are two different goals, with different architectures, cloud is often enough. and trying to do them in a single architecture usually achieves none of the goals well. Being bimodal, • Focus on business and application needs based on business and application needs makes the first, don’t start with the technology. One most business sense. technology architecture and operational model cannot support all of the application Benefit Rating: High needs of a typical enterprise. Either build multiple architectures and operational Market Penetration: More than 50% of target models, or leverage third-parties. audience

• Focus on services that fit the cloud model — Maturity: Mature mainstream standard, high-volume and self-service; those that require agility, horizontal scalability; and Sample Vendors: Apprenda; BMC; Hewlett usages that might be short-lived. Packard Enterprise; IBM; Microsoft; Pivotal; Red Hat; VMware • Consider the long-term roadmap for your private cloud services. Build with the potential Cloud Management Platforms to integrate, interoperate or migrate to public Analysis By: Dennis Smith; Padraig Byrne; Colin cloud alternatives at the appropriate time. Fletcher

• Manage the scope of work — start small, and Definition: Cloud management platforms broaden based on the business case. (CMPs) enable organizations to manage private, public and multicloud services and resources. Their specific functionality is a combination of 35

provisioning and orchestration; service request because no vendor provides a complete cloud management; inventory and classification; management solution. monitoring and analytics; cost management and resource optimization; cloud migration, backup • Standardize, because deriving value from your and disaster recover; identity, security and CMP will depend heavily on the degree of compliance. This functionality can be provided by standardization offered by the infrastructure, a single product or a set of vendor offerings with software and services. some degree of integration. • Set realistic expectations on deployment Position and Adoption Speed Justification: times, as mature organizations implement While the CMP market is continually changing, CMP in a relatively short period (one to two vendors and enterprise customers are getting a years); however, less mature organizations better feel for where such tooling can and cannot may require two or more years to design be used. Vendors are still being challenged with effective, repeatable, and automatable evolving customer requirements (for example, standards and processes. interfacing with multiple public clouds and cost transparency with workload optimization to • Plan for new roles, such as cloud architects remediate cost overruns). At the same time, major and cloud service brokers (CSBs), including market consolidation will continue during the developing skills in the infrastructure next few years. For example, many vendors that and operations organization, financial initially targeted cost management have been management and capacity management. acquired as this functionality is becoming a part of basic CMP functionality. The same is occurring Business Impact: Enterprises will deploy CMPs with cloud migration vendors. Additionally many to increase agility, reduce the cost of providing long-standing vendors are introducing next- services and increase the likelihood of meeting generation products, often targeting holes that service levels. Costs are reduced and service their previous products had. Some of the core levels are met because CMP deployments require CMP functionality is also being combined (for adherence to standards, as well as increased example, monitoring and analytics with cost governance and accountability. Desirable IT management and resource optimization). The outcomes include: ability to serve both application developer and I&O personas is key. This requires that CMPs be • Policy enforcement (e.g., on reusable standard linked into the application development process infrastructure components) without imposing workflow that inhibits agility while also allowing infrastructure and operations • Reduced lock-in to public cloud providers, (I&O) teams to enforce provisioning standards. although at the cost of CMP vendor lock-in which can slow innovation Organizations have an increasing need to address multicloud requirements, and, in some cases, • Enhanced ability to broker services from they want to become internal cloud service various cloud providers and to make informed brokers (CSBs) and manage public services that business decisions on which providers to use were previously acquired — often by lines of • Ongoing optimization of SLAs and costs business (LOBs) outside the I&O organization — and have become difficult to manage • Management of SLAs and enforcement of operationally. compliance requirements User Advice: As CMP market volatility increases, • Accelerated development, enabling setup/ IT organizations must: teardown of infrastructure that mimics production, resulting in lower overall • Consider CMP vendor’s viability along with infrastructure costs and higher quality evaluating features. Moderate • Consider native cloud services as an option Benefit Rating: versus CMPs if you favor depth with an Market Penetration: 5% to 20% of target individual cloud provider versus depth across audience different cloud providers. Maturity: Early mainstream • Augment, swap out or integrate additional cloud management or traditional management tools for many requirements, 36

Sample Vendors: Cisco; Red Hat; RightScale; perspective. They have a well-structured Scalr; VMware “migration factory” process, and can provide the strong project management and technical Cloud Migration staff needed to execute a migration in a timely Analysis By: Lydia Leong fashion. Enterprise architecture and technology leaders typically guide the selection of an MSP, Definition: Cloud migration is the process and oversee the migration effort. of planning and executing the movement of applications or workloads from on-premises I&O leaders that elect to perform their own infrastructure to external cloud services, or migration should consider purchasing cloud between different external cloud services. migration tools; this can decrease the time, effort and cost of the migration, compared to Position and Adoption Speed Justification: manual efforts or writing your own scripts. These The process of cloud migration requires: tools can also aid in moving workloads between cloud providers, or from a cloud provider back • Setting business objectives for the migration on-premises, although these use cases are rarely seen. I&O leaders must clearly define • Determining what workloads can be moved to their use cases and understand that vendor an external cloud service (or moved from one strengths will vary, as well as ensure that the such service to another) migration tools selected are consistent with their existing management software (such as a cloud • Planning how to best migrate those workloads management platform or backup/archiving tool).

• Executing the migration Application leaders should also consider what approach is best for modernizing an existing • Learning to operate in the new cloud model application. A rehosting without modification might be easiest, but it might bring fewer The tools for actually executing workload benefits than replatforming, refactoring, discovery and movement are relatively rebuilding, or replacing the application. mature. However, most organizations lack the expertise to appropriately plan and execute Business Impact: Relatively few organizations a migration. Migration service providers — have fully completed large-scale “all in” typically public cloud infrastructure managed cloud migrations — migrations that allow the service providers (MSPs) that can provide other organization to close down most or all of its managed and professional services in addition data centers — as such migrations typically take to the migration-related services — can help two to three years for midsize organizations and guide customers through this process, but five years or more for enterprises. A complex MSP experience and capabilities vary widely. SaaS implementation can take up to a year. Furthermore, organizations often struggle with However, migrating a single application can be the transformational aspects of cloud operations, accomplished in days or weeks, depending on which can result in technically successful the application’s complexity. Furthermore, many migrations that fail to meet business objectives. organizations that migrate applications to IaaS, with the help of an experienced MSP, are able User Advice: Organizations should objectively to accomplish the majority of the migration evaluate their ability to conduct a cloud within the first nine months. The organizations migration on their own, versus leveraging an that achieve the greatest cost savings with MSP. While customers sometimes migrate to infrastructure migration typically have high SaaS without the assistance of an MSP, almost degrees of standardization, or are willing to adopt all successful large-scale migrations to IaaS and greater standardization in order to significantly PaaS are done in conjunction with an MSP. Most lower labor costs via automation. Many MSPs target hyperscale integrated IaaS and PaaS organizations realize significant agility benefits, providers, such as Amazon Web Services and especially the benefits of greater self-service and Microsoft Azure. When these providers are used, developer empowerment. workloads are typically migrated to a mixture of their IaaS and PaaS offerings. Experienced Benefit Rating: High MSPs can help IT leaders think through their objectives and determine what the end state Market Penetration: 20% to 50% of target looks like from a technical and organizational audience 37

Maturity: Early mainstream or Microsoft Azure, have adopted a blend of the provider’s IaaS and PaaS capabilities; IaaS resources Sample Vendors: Accenture; CloudEndure; are typically supplemented with cloud software Cloudreach; Racemi; Rackspace; RiverMeadow; infrastructure services. Indeed, the availability of Veeam; Zerto this broad portfolio of services is a key aspect of choosing a strategic cloud platform provider. Integrated IaaS and PaaS Analysis By: Lydia Leong; Yefim V. Natis The complexity and level of investment required to offer a full, integrated portfolio of Definition: Integrated infrastructure as a multifunctional PaaS and IaaS services will service (IaaS) and platform as a service (PaaS) likely limit the vendor options in this market (also known as IaaS+PaaS, or integrated cloud to a handful of megavendors. Some of the platform services) is the business and technology megavendors will form ecosystems, allowing arrangement where IaaS and PaaS capabilities smaller PaaS specialists to be included in this are offered as a unified portfolio of services. The market. However, the maturity of this technology degree of integration may vary, but includes the will be primarily dependent on the capabilities of use of a single self-service portal and catalog, the megavendors. shared identity and access management, a single integrated low-latency network context, unified User Advice: CIOs, CTOs, IT leaders and security, and unified billing. planners:

Position and Adoption Speed Justification: • Combine IaaS and PaaS capabilities in both IaaS and PaaS are naturally complementary, cloud-native and legacy migration projects causing IaaS providers to expand into PaaS and to expand your design and deployment the more ambitious PaaS providers expand into options. In some cases, this may involve using IaaS, natively or through partnerships. Integrated capabilities from multiple cloud providers. approaches allow users to combine different models of system and application infrastructure • Consider integrated IaaS+PaaS providers to be within a unified environment. long-term application platforms. They should be managed as such, with appropriate attention to IaaS and PaaS represent a continuum, and potential application portability issues. an increasing number of capabilities in the market have characteristics of both. Within that • When looking at the combined use of IaaS continuum reside options that offer different and PaaS, carefully examine capabilities, balances between the responsibilities of the benefits, and risks of all candidate services provider and the responsibilities of the customer, separately. Do not assume that all services as well as the degree of transparency in the of the provider are of the same maturity, implementation. Furthermore, a greater degree of functional completeness or quality of service. automated management is being introduced into both IaaS and PaaS. • Evaluate the degree of business and technology integration between IaaS and PaaS services. It Today, most integrated IaaS+PaaS providers focus can range from minimal to seamless, and can on high-control capabilities, such as compute produce substantial differences in operations and instances (VMs, OS containers, or bare-metal costs of the project. servers) and other infrastructure resources that may have some form of automated management, • When considering a smaller specialist PaaS or cloud software infrastructure services (typically provider, give extra credit to those that are middleware services with varying degrees multicloud and, therefore, can be colocated of automation). However, high-productivity with multiple larger suites of IaaS+PaaS application PaaS is likely to become an important capabilities. part of these service portfolios as well. Offering Business Impact: both IaaS and PaaS as a unified service allows the provider to offer multiple intermediate • A well-functioning combination of IaaS and options in an integrated manner, simplifying the PaaS will offer enterprises a more natural, selection and facilitating efficient use for the flexible and comprehensive ramp-up path customers. to cloud computing and, consequently, will increase the rate and scope of adoption of Most customers that use a hyperscale integrated cloud by mainstream IT. IaaS+PaaS provider, such as Amazon Web Services 38

• The integration of IaaS and PaaS allows Many organizations that have adopted cloud customers greater flexibility to come into services have created a CCoE, but most such a cloud environment, with the balance of CCoEs are not yet mature. Most cloud migration control and ease of use that suits their needs service providers strongly recommend that at the time, and to shift that balance in either customers create a CCoE, and will assist direction as their needs evolve. customers in doing so. CCoEs are typically small, and depend on educating and influencing the • Vendors also benefit from IaaS+PaaS — those architects and other technical professionals coming from IaaS and those specialized throughout the organization who are actually in PaaS increase their customer value implementing the use of cloud services. The proposition and ability to compete when CCoE helps guide an organization’s cloud journey, covering the broader set of capabilities. as cloud use grows within an organization, and Because only the largest vendors are able the organization understands the best practices to offer their own implementations of both for cloud usage that are specific to its business IaaS and PaaS, the increasing popularity of needs. In most cases, the CCoE, governance IaaS+PaaS will contribute to the trend of PaaS approach, and best practices must evolve with market consolidation. the business and its cloud use.

Benefit Rating: High User Advice: A CCoE should be led by a chief cloud architect, and staffed by cloud architects. Market Penetration: 5% to 20% of target Typically, these architects have: audience • An enterprise architecture background Maturity: Early mainstream • An excellent understanding of application Sample Vendors: Amazon Web Services; Google development Cloud Platform; Microsoft Azure • A practical understanding of operations Cloud Center of Excellence Analysis By: Lydia Leong • Some knowledge of cloud services

Definition: A cloud center of excellence (CCoE) • A strong knowledge of the business is a central IT team, under the supervision of an enterprise architecture and technology • Good relationships with business as well as IT innovation leader, that is focused on providing management cloud strategy, best practices, and governance for the organization as a whole. The chief cloud architect typically also leads a cross-functional cloud computing policy Position and Adoption Speed Justification: committee that contains representatives A CCoE is usually the most effective way for from the business; technical end-user teams most organizations to achieve organizationwide (such as the application development teams); cloud governance. It is focused on providing infrastructure and operations; and sourcing, cloud best practices — preferably expressed not security, compliance, risk management, and legal just in documentation, but also templates and teams. Some organizations hire an individual other infrastructure-as-code mechanisms — as contractor with very strong knowledge of their well as serving as an internal cloud consulting primary cloud services to lead their CCoE, but practice that delivers cloud architecture and such an individual needs an enterprise architect recommended solutions. It also partners with partner who has very strong knowledge of the the sourcing team to provider cloud vendor business and the necessary cross-functional management, including cloud service expense relationships. Do not understaff the CCoE, since management. The CCoE achieves success by this can be a major threat to its influence and ensuring that the “path of least resistance” for success. If the organization has a rapidly growing cloud use is also the path that is well-governed number of cloud projects, it may be wise to open and meets the organization’s security and head count for CCoE architects well in advance regulatory compliance requirements. Although it of demand, since there is significant competition is responsible for developing and enforcing cloud for this skill set. computing policies, it primarily influences, rather than controls. A CCoE frequently chooses governance tools and sets policies, but is often not responsible 39

for operating those tools, and may not be adoption grows and the technologies become responsible for implementing the policies. In well understood. While progress is steady with organizations that utilize significant self-service approximately 30% to 40% of enterprises having — especially decentralized organizations — the made the move, the scale and volume of cloud CCoE must maintain strong developer relations in office projects can lead to frustration. Migrations order to both evangelize existing best practices, can prove difficult and some organizations fail to as well as to continuously collect best practices realize all of the potential value that these suites from these teams. The CCoE frequently facilitates can provide. knowledge sharing between these technical end- user teams. Microsoft and Google have been investing heavily to attract enterprises to their cloud office offerings, Business Impact: The CCoE is the hub of the and they are responsible for most of the enterprise cloud community within an organization, and deployments. Other vendor offerings include IBM it must build and foster that community. It is a Connections Cloud, Amazon WorkDocs/WorkMail/ critical part of helping the organization mature Chime and Zoho Office Suite. its use of cloud computing. The CCoE holds together the disparate ways that an organization Enterprises are making the move because of might adopt cloud computing, through its general preference for cloud deployments and centralization of cloud knowledge, best practices the desire to reduce costs, redeploy IT staff, and common tools, as well as its active outreach drive simplicity and provide more functionality throughout the organization. The CCoE function to users. Vendors provide their most attractive may also be closely aligned to the internal cloud new features — such as mobile apps, content service brokerage (CSB) function. discovery tools and artificial intelligence — from cloud deployments only. Nearly all organizations that use cloud services can benefit from a CCoE. In smaller organizations, User Advice: For digital workplace leaders: the CCoE function may be performed by a single cloud architect. A single CCoE can serve both • Be realistic about compliance and legal modes of bimodal IT, but will likely have different concerns. Do not assume that there is a best practices for each mode; and the most rule preventing you from moving to a cloud successful CCoEs are typically more focused on office supplier without first investigating the business agility than cost reduction. matter by working with legal counsel. Gartner finds that many assumptions about legal Benefit Rating: High restrictions are due to unnecessarily wide interpretations. Market Penetration: 5% to 20% of target audience • Look beyond a “like for like” deployment that focuses only on recreating previous Maturity: Early mainstream on-premises functionality from the cloud. Although this can be a good initial step, Climbing the Slope investigate the unique capabilities of cloud Cloud Office office suites to improve digital dexterity, Analysis By: Jeffrey Mann efficiency and innovation.

Definition: “Cloud office” refers to a collection • Plan specific efforts to address user adoption of the most broadly used suites of SaaS-based by focusing on user change management. personal productivity, horizontal collaboration It is usually not obvious how to use the and communication tools. The suites generally new capabilities to increase effectiveness. include email, IM, , conferencing, Employees will benefit from assistance and document management and editing, search and guidance, perhaps from more advanced discovery, and collaboration. Microsoft Office 365 colleagues, as a part of the digital dexterity and Google G Suite are the primary examples. initiative. The broad term “cloud office” is a general term. The name “Microsoft Office” refers to a specific • All organizations must take a position on set of products. cloud office deployment, even if it is a decision not to move, or not to move yet. An Position and Adoption Speed Justification: active decision is better than delay. The cloud office technology profile has advanced quickly along the Hype Cycle as enterprise • Look to cloud office suites as a source for continuous innovation in a form that is 40

relatively easy to adopt. Innovations like integration platform (HIP) and self-service every day AI, cross-tool integration, and better delivery models to support a range of integration meetings are likely to come from cloud office personas (such as integration specialists or ad products. hoc and citizen integrators).

• Ignore self-serving vendor migration Tens of thousands of organizations, of all sizes pressures, but develop plans based on and in all vertical industries and geographies, enterprise requirements and strategies. have so far adopted iPaaS offerings, therefore providers’ revenue is skyrocketing (close to Business Impact: The wide scope of cloud 70% growth in 2017). The market includes office workloads (especially email) means that many specialist players (, Jitterbit, this technology will potentially affect everyone SnapLogic, Workato) as well as established in the organization. These suites support a integration providers (Informatica, Software wide variety of styles of collaboration including AG, TIBCO Software). The iPaaS offerings of video, conversational, and social as well as the megavendors (IBM, Microsoft, Oracle, SAP and more conventional email and IM. While overall now also Salesforce) are having a significant adoption is in the 30% to 40% range, most impact on the market, primarily via cross-selling organizations have made a plan or specifically to established clients. decided to put off making a move, which will be difficult to avoid in the longer term. iPaaS functionality is available as stand-alone offerings, but also often as an “embedded” Benefit Rating: High feature in a variety of cloud services. This will favor adoption, although it may result in some Market Penetration: 20% to 50% of target duplication of technology for organizations with audience multiple, uncoordinated buying centers.

Maturity: Early mainstream Driven by the explosion of innovative and time-constrained digital business initiatives, Sample Vendors: Amazon; Google; IBM; and pushed by the marketing machines of the Microsoft; Zoho megavendors, iPaaS adoption will continue to grow quickly both in SMBs and large iPaaS organizations. Barriers to this adoption will Analysis By: Massimo Pezzini include:

Definition: Integration platform as a service • Growing market fragmentation (iPaaS) is a cloud service that supports application, data and process integration • Bifurcation between enterprise iPaaS providers requirements, usually involving a combination (broad use-case coverage) and domain- of cloud-based, on-premises, mobile and IoT specific iPaaS players (focused on verticals, or endpoints. iPaaS delivers a mix of capabilities ecosystems), which may create confusion in typically found in classic integration software the market and, increasingly, in API management platforms. IT departments and lines of business leverage • The dubious viability of some pure-play these capabilities to develop, manage and providers execute integration processes — increasingly in the context of hybrid integration platform User Advice: Compelling iPaaS value strategies. propositions include ease of use (expected to further improve via the recent introduction of Position and Adoption Speed Justification: AI, ML and NLP techniques), fitness with cloud- iPaaS offerings are primarily used for SaaS and centric integration requirements, self-service via cloud-data integration, but increasingly also cloudstreams (prepackaged integrations), and for API publishing and management, mobile lower entry and IT operation costs. iPaaS’s greater app integration, data management and Internet flexibility and range of functionality than with of Things (IoT) scenarios. A growing number traditional integration platforms also appeals to of organizations have also adopted iPaaS as a prospects. complement to, or replacement for, traditional integration platform software to support on- Application leaders responsible for modernizing premises application, data and B2B integration their integration infrastructure should position projects. This often happens in the context iPaaS as: of an integration strategy that aims at hybrid 41

• The integration platform of choice for midsize used only by large organizations, is now also organizations moving to the cloud and for affordable for midsize businesses — enabling “greenfield” integration initiatives them to improve the quality and agility of their business processes. • A quick-win approach to well-defined use cases, typically via the tactical adoption of Benefit Rating: High domain-specific iPaaS offerings Market Penetration: 20% to 50% of target • An opportunity to enable application audience developers, SaaS administrators or even business users to occasionally perform Maturity: Early mainstream integration tasks in a self-service fashion (ad hoc and citizen integrators) Sample Vendors: Dell Boomi; IBM; Informatica; Jitterbit; Microsoft; MuleSoft; Oracle; Scribe • A viable option for a variety of “adaptive” Software; SnapLogic; Workato integration projects with low budgets, severe time constraints, and informally defined and Private PaaS incrementally formulated requirements Analysis By: Yefim V. Natis; Paul Vincent

• A complement to traditional integration Definition: A private platform as a service platforms for a wide range of integration (PaaS) is a type of PaaS that offers exclusive scenarios, via the adoption of enterprise iPaaS access to a customer organization. Private PaaS offerings — increasingly in the context of HIP may be established on-premises or hosted on strategies and to support bimodal approaches a public IaaS by the customer organization to integration (self-managed). It can be managed by a service provider (provider-managed), typically as an Application leaders should, however, think isolated-tenancy (dedicated) rendition of a public strategically but act tactically in their iPaaS PaaS available from the same provider. acquisitions, because market changes are likely to happen during the next three to five years PaaS framework software products are designed (if not earlier) as it progressively moves toward as supporting technology to set up a private self- saturation. Many of the current providers will be managed PaaS. acquired; retrench into narrow, more defensible niches; reposition; or simply go out of business. Position and Adoption Speed Justification: “Private PaaS” is a name that has been Business Impact: The use of iPaaS offerings will often attributed — incorrectly — to simply a help application leaders to: deployment of a PaaS framework software, like Pivotal Application Service or Red Hat OpenShift • Support the any-to-any, pervasive integration Container Platform, or a less-opinionated challenge posed by digital transformation container management software, like Mesosphere initiatives; typically, as a complement to a DC/OS or Pivotal Container Service. Container broader HIP management on-premises is a progressive development for most organizations, it delivers • Reduce the time to value for new cloud greater agility and efficiency to the organization’s services, via faster integration IT. But it does not automatically deliver the cloud benefits associated with PaaS — standardization, • Increase business process efficiency separation of concerns, elastic scalability and self-service. Private PaaS is associated foremost • Integrate faster and more easily with business with the separation of providers of services and partners the subscribers. There must exist a platform operations team that is independent of the • Enable business innovation through API development team that subscribe to the platform publishing, mobile apps, IoT integration and services. In a self-managed environment, both other emerging use cases such as robotic the operations and the development teams process automation, event-stream processing belong to the same organization. In the provider- and digital integration hub architectures managed scenario the operations and the development teams are different companies (the Through iPaaS, the state-of-the-art application provider and the customer). In both scenarios, a and data integration technology previously portal must isolate the two sides (the operations 42

and development teams) and the provider does service, or the vendor lock-in. It positions these not offer any customer-specific services, only a organizations for gradual transition to hybrid standard list, available equally to all qualified and public application platform options. Thus, subscribers. Such organizational discipline is hard private PaaS accelerates cloud adoption by the to enforce in most self-managed deployments; the more-conservative mainstream enterprises. It also provider-managed option is more likely to deliver opens the customer organizations to potential true cloud PaaS experience in a private context. multicloud presence to reduce vendor lock-in.

Growing popularity and production experience Benefit Rating: Moderate of organizations with PaaS framework and container management software have led most Market Penetration: 5% to 20% of target organizations to a more realistic understanding audience of what outcomes and experiences are available with that technology and the associated Maturity: Early mainstream necessary investments. Some organizations have succeeded in establishing the firm separation Sample Vendors: Docker; IBM Cloud Dedicated; of the providers and subscribers of the PaaS Mesosphere; Oracle Dedicated Compute Classic; capabilities. Others have simply settled on the Pivotal; Red Hat better operation IT environment. The greater sense of reality for self-managed private PaaS Public Cloud Storage and the increasing use of the provider-managed Analysis By: Raj Bala (dedicated) private PaaS — both lead to overall increasing maturity of private PaaS deployments, Definition: Public cloud storage is IaaS that advancing it toward the Plateau of Productivity. provides block, file and/or object storage services delivered through various protocols. The services User Advice: Application Leaders, CIOs, CTOs, IT are stand-alone, but often are used in conjunction leaders and planners should: with compute and other IaaS products. The services are priced based on capacity, data • Plan private PaaS initiatives in the knowledge transfer and/or number of requests. The services that true cloud outcomes are not achieved provide on-demand storage and are self- through technology alone, but require provisioned. Stored data exists in a multitenant changes to the IT organization, its culture, environment, and users access that data through processes, policies and operations. the block, network and REST protocols provided by the services. • Where feasible, choose public cloud services; recognize that establishing a private PaaS Position and Adoption Speed Justification: is not a trivial exercise — it will require a Public cloud storage is a critical part of most lot more effort, skill and experience than workloads that utilize public cloud IaaS, even subscribing to a public PaaS service. if it’s often invisible to end users. In fact, the default volume type used for virtual machines • When determined to establish a private PaaS on some providers is SSD-based block storage. environment, understand that taking the Unstructured data is frequently stored in provider-managed (dedicated) private PaaS object storage services for high-scale, low-cost approach is more likely to deliver the desired requirements, but end-users are often unaware of cloud outcomes. the underlying storage type being used. However, the market for public cloud storage is becoming • Recognize that software that is suitable for less invisible to end users as cloud providers enabling a private PaaS environment is also begin offering more traditional enterprise brands suitable for building a modern, continuous with data management capabilities of storage DevOps environment. Distinguish between systems found on-premises. these two objectives and understand their priorities to make the most of the technology User Advice: Do not choose a public cloud available and avoid unnecessary costs and storage provider based simply on cost or on disappointments. your enterprise’s existing relationship with the provider. The lowest-cost providers may not have Business Impact: Private PaaS offers access the scale and operational capabilities required to to some of the benefits of cloud computing become viable businesses that are sustainable for organizations that are concerned about over the long term. Moreover, these providers are public cloud maturity, security and quality of also unlikely to have the engineering capabilities 43

to innovate at the rapid pace set by the deployment model for new HCM, finance leaders in this market. Upheaval in this market and indirect procurement capabilities across warrants significant consideration of the risks if industries and organization sizes. Gartner predicts organizations choose a provider that is not one of that, through 2020, SaaS HCM and financial the hyperscale vendors, such as Alibaba, Amazon revenues will continue to grow at 7% annually. Web Services, Google and Microsoft. Many of the Tier 2 public cloud storage offerings that exist Currently, organizations of all sizes are adopting today may not exist in the same form tomorrow, a strategic approach to sourcing all their if they exist at all. administrative ERP capabilities as SaaS. In the last few years, there has been an increase in Utilize public cloud storage services when adoption of SaaS core financial management deploying applications in public cloud IaaS applications by organizations with revenues in environments, particularly those workloads excess of $1 billion. Organizations with revenues focused on analytics. Match workload in excess of $5 billion are still early adopters, characteristics and cost requirements to a but SaaS is the preferred option when replacing provider with equivalently suited services. these capabilities, even in these organizations. Vendors like Oracle and Workday are aggressively Business Impact: Public cloud storage services marketing their SaaS administrative ERP suites, are among the bedrock that underpins public while the maturity of solutions from specialist cloud IaaS. Recent advances in performance vendors across all aspects of administrative ERP as it relates to these storage services have continues to grow. enabled enterprises to use cloud IaaS for mission-critical workloads in addition to new, User Advice: Mode-2-style applications. The security advances allow enterprises to utilize public cloud storage • Organizations need to make decisions about services and experience the agility aspects of a cloud deployment options in the context of utility model, yet retain complete control from an their overall postmodern ERP strategy. encryption perspective. • When adopting SaaS applications, Benefit Rating: High organizations need to build the necessary processes and skills for quality assurance Market Penetration: More than 50% of target and adoption of new features that come with audience the frequent automatic updates. This means reducing and managing customizations and Maturity: Mature mainstream preparing the user community.

Sample Vendors: Alibaba Cloud; Amazon • Organizations need to educate users about Web Services; Google; IBM; Microsoft; Oracle; the benefits of a standardization approach. Rackspace; Adopting the standardized capabilities in SaaS administrative ERP solutions requires SaaS Administrative ERP a shift in the mindset of many business Analysis By: Mike Guay users, especially when they have used highly customized applications. Identify key decision Definition: SaaS administrative ERP focuses makers and influencers from finance, HCM on financial management, human capital and procurement, and support these changes. management (HCM) and indirect procurement. Some organizations deploy administrative ERP • SaaS vendors make much of the “low cost” capabilities as a corporate “backbone,” which of public cloud offerings. However, total some industries augment with industry-specific cost of ownership (TCO) for public cloud functionality. SaaS (cloud) administrative administrative ERP has not been proven to be ERP does not include remote hosting, where lower than that for on-premises and hosted ownership remains with the customer, or private alternatives. It is therefore important to cloud. In postmodern ERP strategies, SaaS undertake a detailed TCO analysis spanning administrative ERP can be supported either using at least two renewal cycles (often six to solutions from multiple vendors or a single- 10 years) to provide a clear estimation of vendor suite. subscription and support costs, as compared with alternatives. Position and Adoption Speed Justification: Public cloud SaaS is now the preferred 44

• Moving administrative ERP capabilities to the The largest aPaaS vendor is Salesforce, which public cloud will require new integration skills supports a SaaS plus PaaS model and high and technologies to support feeder systems productivity plus high control. It is the No. 1 linked to HCM, financials and procurement. aPaaS vendor by some margin (with revenue of $1.8 billion in 2017), the No. 2 for PaaS, Business Impact: Public cloud SaaS and the No. 3 for application infrastructure and administrative ERP offers the opportunity middleware. Salesforce is continuing to grow fast to standardize business processes, reduce in the aPaaS sector through training programs customization and improve operating efficiencies. and its app store ecosystem. Organizations will also have the opportunity to “reset” administrative processes and adopt new Other megavendors were late to the aPaaS market, ways of working, supported by a new generation of especially for high-productivity aPaaS. It is no SaaS applications coupled with process best practice coincidence that the independents are mostly templates from system integrators and vendors. thriving in the high-productivity sector traditionally overlooked by legacy platform vendors. Moving to the public cloud also makes it easier to adopt the new functionalities required to The aPaaS market achieved a compound annual support new regulatory requirements, because growth rate of over 20% over the past three vendors can deliver these more rapidly than with years. This contrasts with the traditional platform an on-premises model. This can be of significant middleware market’s compound annual decline benefit to administrative functions, especially of 1.6%. those within finance and HR. The maturation of aPaaS technologies marks Benefit Rating: Moderate the beginning of mainstream de facto usage by enterprise and departmental IT teams. Market Penetration: 20% to 50% of target Enterprise adoption of aPaaS offerings in general audience is increasing and steadily moving toward the Plateau of Productivity, with cloud-native Maturity: Early mainstream capabilities replacing traditional on-premises monolithic application technology. There are Sample Vendors: Acumatica; Epicor Software; competitive threats to high-control aPaaS from FinancialForce; Microsoft; Oracle; Sage; SAP; self-assembled container-based platforms, Ultimate Software; Unit4; Workday PaaS frameworks and serverless function PaaS (fPaaS): aPaaS in general has yet to shift to the Application PaaS serverless model that will provide opacity of Analysis By: Paul Vincent; Yefim V. Natis underlying infrastructure and maturity. Today, the combination of high-control and high-productivity Definition: An application platform as a service aPaaS fulfills the majority of requirements for (aPaaS) is a cloud platform service that offers new and modernized applications. application development and deployment environments. There are high-productivity User Advice: Application leaders, CIOs, CTOs, IT and high-control types of aPaaS. Some are leaders and planners should: multifunction, embedding services like databases. Others focus on programming code • Use cloud-native platforms, including environments and rely on other specialized PaaS aPaaS, as strategic platforms for all new and (xPaaS) for additional services. modernized applications. Although aPaaS is still evolving, avoiding it risks limiting agility and Position and Adoption Speed Justification: innovation, as the familiar “legacy” platforms The aPaaS market is served by all the cloud of past decades are inelastic. aPaaS offerings megavendors and many independents. The provide cloud-first, cloud-native best practices, megavendors, such as Amazon Web Services, and should be the primary components of a Microsoft and Salesforce, are pursuing megaPaaS hybrid application platform portfolio. strategies and moving to complete their coverage of high-control and high-productivity • Consider both high-control and high- aPaaS. Independent vendors offer specialized productivity aPaaS for appropriate use cases. or multifunction capabilities. Some aPaaS have High-control aPaaS is suitable for mesh app evolved from on-premises development platforms and service architecture (MASA) and high- or cloud SaaS, and there is increasing support for performance miniservices and microservices, as hybrid on-premises and multicloud options. opposed to “bare bones” container infrastructure 45

as a service (cIaaS) offerings. High-performance Microsoft; Oracle; OutSystems; Quick Base; aPaaS is suitable for more common enterprise Salesforce; SAP; ServiceNow use case patterns and where three-month delivery schedules are more important than Cloud Computing specialized services or extreme performance. Analysis By: David Mitchell Smith Blend both types for maximum flexibility in terms of technologies, development skills and Definition: Cloud computing is a style of speed of application delivery. computing in which scalable and elastic IT- enabled capabilities are delivered as a service • Consider cloud-enabled application platforms using internet technologies. or PaaS frameworks, such as and OpenShift, as alternatives to aPaaS Position and Adoption Speed Justification: where high-control hybrid, multicloud or edge Cloud computing is a very visible and hyped term, application services are desired. and has passed the Trough of Disillusionment. Cloud computing remains a major force in IT. Every • Augment or replace high-control aPaaS IT vendor has a cloud strategy — although many with fPaaS when they require variability in aren’t cloud-centric, and some are better described compute resources and are not concerned as “cloud inspired.” Although users are unlikely to with infrastructure for professional coders’ completely abandon on-premises models, there applications. They should, however, note that is continued movement toward consuming more fPaaS is still a new platform type. services from the cloud and enabling capabilities not easily done elsewhere. Much of the focus is on • Favor strategic providers that offer agility, speed and other non-cost-related benefits. integrated access to, and management of, high-productivity and high-control aPaaS “Cloud computing” continues to be one of the capabilities, as well as other specialized most hyped terms in the history of IT. Its hype xPaaS, SaaS and/or IaaS (as required across transcends the IT industry and has entered projects). popular culture, which has had the effect of increasing hype and confusion around the term. • When planning aPaaS-centered initiatives, In fact, cloud computing hype is literally “off give special consideration to integration the charts,” as Gartner’s Hype Cycle does not needs. Web-scale IT will demand continuous measure amplitude of hype (that is, a heavily change, extension and integration. Vendor hyped term such as “cloud computing” rises no reliability in terms of backward-release higher on the Hype Cycle than anything else). compatibility should also be assessed. Although the peak of hype has long since passed, Business Impact: Public aPaaS changes the cloud still has more hype than many other model of IT software engineering from full-stack technologies that are actually at or near the responsibility to a focus on the business content Peak of Inflated Expectations. Variations, such as of applications. This, in turn, encourages a shift private cloud computing and hybrid approaches, in IT organization, processes, skills and culture compound the hype, and reinforce that one dot from infrastructure-centric to business-centric. The on a Hype Cycle cannot adequately represent benefit of adopting aPaaS to replace traditional all that is cloud computing. Some cloud on-premises development and production variations (such as hybrid IT and now multicloud management of applications is at least moderate. environments) are now at the center of where the It may be high or even transformational when used cloud hype currently is. in conjunction with, or in support of, agile and associated methodologies. In these cases, aPaaS User Advice: User organizations must demand gives IT teams new time-to-market advantages clarity from their vendors around cloud. Gartner’s and ready access to cloud-native technologies. definitions and descriptions of the attributes of cloud services can help with this. Users should Benefit Rating: Moderate look at specific usage scenarios and workloads, map their view of the cloud to that of potential Market Penetration: 5% to 20% of target providers, and focus more on specifics than on audience general cloud ideas. Understanding the service models involved is key. Maturity: Early mainstream Vendor organizations should focus their cloud Sample Vendors: Google; Kony; Mendix; strategies on more specific scenarios and unify 46

them into high-level messages that encompass although some confusion remains, brought the breadth of their offerings. Differentiation about by the blurring boundaries between PaaS in hybrid cloud strategies must be articulated. on one hand and IaaS and SaaS on the other. This will be challenging, as all are “talking Mainstream users have been gaining real value the talk,” but many are taking advantage of from PaaS deployments and a growing number the even broader leeway afforded by the term. of organizations are making long-term plans “Cloudwashing” should be minimized. Gartner’s for PaaS projects, replacing their reliance on Cloud Spectrum can be helpful. on-premises and IaaS+ initiatives and seeking new relationships with megaPaaS vendors. The Adopting cloud for the wrong reasons can lead increasing maturity of PaaS offerings overall, to disastrous results. There are many myths the fast-improving execution by IT megavendors surrounding cloud computing as a result of the (including Microsoft, Amazon Web Services hype (see “The Top 10 Cloud Myths”) for details [AWS], Google, SAP, Salesforce, IBM and Oracle), and advice. the growing market acceptance of the smaller xPaaS innovators (including Dell Boomi, Mendix, Business Impact: The cloud computing model Kony, Informatica, Pegasystems, OutSystems, is changing the way the IT industry looks at user StereoLOGIC, C3C IoT and many others), the and vendor relationships. Vendors must become momentum of SaaS and IaaS introducing PaaS to providers, or partner with service providers, to more organizations, the emerging born-on-the-cloud deliver technologies indirectly to users. User xPaaS capabilities (such as fPaaS) that are inherently organizations will watch portfolios of owned cloud-only — all of these trends are increasing technologies decline as service portfolios grow. customers’ confidence and advancing adoption of PaaS overall toward the Plateau of Productivity. Potential benefits of cloud include cost savings Some specific xPaaS categories have already and capabilities (including concepts that go by reached the maturity of mainstream adoption, names such as “agility,” “time to market” and including aPaaS, iPaaS, dbPaaS and others. “innovation”). Organizations should formulate cloud strategies that align business needs with User Advice: Application Leaders, CIOs, CTOs those potential benefits. Agility is the driving and IT leaders and planners: factor, most of the time. • Build new business software utilizing Benefit Rating: Transformational PaaS offerings to gain expertise in cloud- native experience, to take advantage of the Market Penetration: 20% to 50% of target continuous innovation common to cloud audience environment, to gain high quality of service, including high availability, disaster recovery Maturity: Early mainstream and security, and to be prepared for the next wave of business and technology innovation Sample Vendors: Amazon; Google; IBM; that will mostly be cloud-native and often Microsoft; Oracle; Red Hat; Salesforce; SAP cloud-only.

Platform as a Service (PaaS) • Look beyond just the application development Analysis By: Yefim V. Natis; Paul Vincent using aPaaS. A mature PaaS can provide application platform, integration, event Definition: Platform as a service (PaaS) is a processing and stream analytics, IoT, business type of a cloud offering that delivers application process management, portal, database infrastructure (middleware) capabilities as a management, in-memory data grids, business service. Gartner tracks multiple types of PaaS analytics, contextual data discovery, and other (xPaaS), including, among many more, application middleware services. The PaaS market can be platform as a service (aPaaS), integration PaaS as diverse in functionality as the traditional (iPaaS), API management PaaS (apimPaaS), function platform and middleware market, and it can PaaS (fPaaS), business analytics PaaS (baPaaS), IoT support a broad variety of project types. PaaS and database PaaS (dbPaaS). PaaS capability can be delivered as a provider-managed or self- • When public cloud is not an acceptable managed, multitenant or dedicated. option, consider the provider-managed (dedicated or local) virtual private PaaS ahead Position and Adoption Speed Justification: of the self-managed private. Self-managed The time of rampant hype and confusion about private PaaS is often too hard to carry out, the promise and nature of PaaS is behind us, for organizational and cultural reasons. The 47

provider-managed virtual private PaaS can be work across applications using a mixture of a suitable alternative. technologies.

• Choose comprehensive PaaS (megaPaaS) Position and Adoption Speed Justification: providers when looking to consolidate Cloud-testing solutions have become some cloud business relationships, but commonplace in performance and load testing, avoid exclusive commitments to retain the including performance monitoring. In addition, technical and business ability to incorporate cloud-based solutions for functional, usability PaaS capabilities of multiple providers. and user experience testing, as well as cross- browser, cross-platform and mobile testing, have • To build a dependable platform strategy and gained strong traction in the market. The demand reduce vendor lock-in, consider PaaS for created by mobile-first and omnichannel delivery initiatives that build on your commitments initiatives has created a strong demand for web, to SaaS or IaaS providers — in preference to mobile web and mobile device testing options embedded platform features. in the cloud. This includes visual testing, such as comparisons of how applications render on Business Impact: The relationship between different end-user devices and browsers. the vendors and their customers changes dramatically with transition to the cloud, In many cases, cloud-testing tools supplement where the vendors shift from just the role existing on-premises testing solutions. But the of the manufacturers of software to that of balance continues to shift as larger parts of active facilitators of their customer’s platform DevOps toolchains are delivered from the cloud. operations. Responsibilities, costs, skills, The cloud model has become widely accepted organization and culture of enterprise IT (and and is fast becoming an integral part of the business operations) undergo a transformation. software delivery pipeline. Cloud-based testing IT vendors and users that delay strategic adoption solutions are both accelerating the adoption of of cloud platform technology, architecture and automated testing and becoming integral parts of organization, are at risk of losing loyalty of their testing tool portfolios. customers. Customers that delay adoption of cloud platform services (PaaS), will find themselves with User Advice: Several use cases exist for these expensive vendor lock-in and chaotic handling of products. However, primary consideration should their hybrid technology environment. be based on lab scalability and the ability to match production use scenarios in a realistic Benefit Rating: Transformational way. For companies looking to control the costs of lab setup and maintenance of tool licenses, Market Penetration: 20% to 50% of target cloud-testing tools and services provide good audience choices. They are especially relevant in cases where the use of testing tools is seasonal. They Maturity: Early mainstream are also a good option for companies that lack tools and rely on manual testing, enabling these Sample Vendors: Amazon Web Services; Dell companies to move to automation and best- Boomi; Google Cloud Platform; IBM Cloud; practice behavior. Mendix; Microsoft Azure; Platform; OutSystems; Salesforce Platform; SAP Cloud Integrate cloud-based testing tools into an Platform agile delivery pipeline to further accelerate development and testing of applications. Cloud-Testing Tools and Services Consider cloud-delivered, scalable and automated Analysis By: Joachim Herschmann; Thomas E. on-demand test labs as part of a DevOps strategy. Murphy Full success requires that testing organizations also develop mature change management and Definition: Cloud-testing tools and services testing practices. involve the use of cloud technology to support testing from or in the cloud. This includes cloud- For performance testing, consider whether there based lab management, service virtualization, are readily available machines that have already on-demand-delivered testing tools and device been purchased. These may be easier and less clouds. This term also covers support for large- expensive for smaller-scale internal testing that scale load and performance tests, strong doesn’t require a heavy load. Here, it’s important technology coverage (e.g., middleware, message to understand the costs and benefits of in- formats, security protocols) and the ability to house provisioning versus the cloud. It is crucial 48

to clearly define the objectives of moving a “infrastructure as code,” including immutable particular testing project to the cloud. infrastructure.

Business Impact: Moving test labs to use a IaaS is increasingly used as a general substitute for virtualized infrastructure in private and public data center infrastructure, and may drive improved clouds can reduce the cost of management, operations, efficiency and cost savings. In this hardware, software and power. At the same time, context, it is typically used to host traditional it can be the crucial element that is needed to business applications, and may even host complex reach the goal of continuous delivery. Hosted enterprise applications, such as ERP. tools increase the ability to run more tests more frequently, which reduces production errors and Although growth of the market outside of the U.S. system failures. Cloud-based software provides has been slower — non-U.S. competitors have more flexible billing and capacity, which must be been much weaker, with immature and limited balanced against usage profiles. This flexibility offerings, and regulatory and data-sovereignty is viable for all organizations, regardless of the requirements may require keeping data and development methods they use. processing in-country — global demand is robust. Non-U.S. adoption continues to accelerate as Benefit Rating: High the market leaders open data centers in more countries. Market Penetration: 20% to 50% of target audience User Advice: The cloud IaaS provider market has bifurcated. Hyperscale integrated IaaS Maturity: Early mainstream and PaaS providers dominate the market, and a single vendor (Amazon Web Services) Sample Vendors: CA Technologies; Experitest; holds a commanding market share lead. The IBM; Microsoft; Neotys; Perfecto; Sauce Labs; nonhyperscale providers have largely been SmartBear; SOASTA; Testbirds relegated to specialized scenarios — primarily scenarios that require deep support for legacy Infrastructure as a Service (IaaS) technologies, or that have specific location Analysis By: Lydia Leong requirements that cannot be met by a hyperscale cloud provider. In general, the hyperscale Definition: Infrastructure as a service (IaaS) providers offer a broad range of capabilities, and is a standardized, highly automated offering can meet enterprise requirements for availability, in which computing resources owned by a performance, security, regulatory compliance, service provider, complemented by storage and service and support. The other providers also networking capabilities, are offered to customers generally offer high-quality services, though on demand. Resources are scalable and elastic in these services are more limited in scope. near real time and metered by use. Self-service Businesses can safely adopt these services. The interfaces, including an API and a graphical user risks are not significantly greater than with other interface (GUI), are exposed directly to customers. outsourced hosting approaches, assuming the Resources may be single-tenant or multitenant, cloud services used match the service levels and and are hosted by the service provider or on- security needs of the applications. premises in a customer’s data center. Most enterprises have begun to adopt IaaS Position and Adoption Speed Justification: strategically — and have a broad range of Cloud IaaS is a mainstream technology that workloads on IaaS, including production can be used to host most workloads, including applications. Public cloud IaaS now represents mission-critical enterprise applications. more than 15% of overall workloads. Midmarket Customers must still pay careful attention to businesses are the most likely to believe that selecting an appropriate provider, architecture IaaS will replace nearly all of their data center and security controls, and are responsible for infrastructures during the next five years. Most proper governance. businesses have at least piloted IaaS, but those that have not done so should begin with new The best use of IaaS is transformational, where it applications. can offer significant benefits in business agility, operations quality and cost. IaaS is frequently Both public multitenant and private single-tenant used to improve developer productivity and offerings are available; however, the distinction agility, and can facilitate continuous integration/ between public and private cloud IaaS is blurring. continuous deployment (CI/CD), and the use of The most cost-effective clouds are highly 49

standardized and use a shared capacity pool. Definition: The buyers and sellers of public There are hybrid public/private cloud offerings cloud services need standardized ways to — enabling “cloud bursting” for on-demand assess provider security and continuity. Formal capacity and business continuity — however, this assessments are performed by independent technology is likely to remain confined to narrow evaluators, that are authorized by an niches. authentication body to use published control standards and process guidelines to evaluate In most cases, there are no technical barriers, service provider security posture, and publicly and few contractual or business barriers, to share their findings. using cloud IaaS for a virtualizable x86-based application. Instead, IT leaders should ask Position and Adoption Speed Justification: themselves whether cloud IaaS is the best Every globally active Tier 1 cloud service provider possible solution for an application. In many (CSP), such as Amazon Web Services (AWS), cases, organizations should consider using both Box, Dropbox, Google, Microsoft, Salesforce and IaaS and PaaS, preferably from a cloud provider Workday, has completed several formal third- that offers integrated IaaS and PaaS, rather than party security assessments. Approximately half IaaS alone. of the growing number of Tier 2 cloud service providers have also undertaken at least one Business Impact: Cloud computing formal security assessment (although rapid infrastructure services are broadly advantageous growth in the number of midsize CSPs continues for IT organizations. The cost benefits, driven to make this a difficult estimation). Customer primarily by automation, are particularly data from cloud access security broker vendors significant for small and midsize businesses suggests that half of all SaaS traffic is flowing to (SMBs). Larger enterprises benefit primarily from assessed vendors. greater flexibility and agility, although they can potentially also achieve cost reductions. Formal evaluation is becoming a standard for CSPs that wish to provide services to enterprise The benefits of IaaS have been driven primarily customers. Gartner anticipates that within several by the developer empowerment that comes from years, virtually all Tier 1 and 2 CSPs, representing self-service, the flexibility offered by on-demand virtually all strategically significant providers, infrastructure, and the quality and efficiency of will successfully complete and maintain a cloud automation. Over time, system management security assessment. tasks have become increasingly automated, leading to more-efficient infrastructure User Advice: Cloud service buyers that desire management. Organizations that simply “lift and useful levels of assurance for cloud service shift” workloads to the cloud will reap limited security and reliability for the least cost and effort cost and efficiency benefits, compared with those should use CSPs that have been verified through that use IaaS to drive IT transformation. a standards-based, third-party evaluation. By a significant degree, ISO/IEC 27001 and SOC 2 are The metered-by-use attribute of these services the two most widely recognized and available will result in more-efficient use of capacity, and standards-based formal evaluations being used their self-service nature will empower employees by cloud service providers. Although they are outside IT operations. This will improve developer not yet widely applied, Gartner anticipates that productivity and make it easier for business a growing number of cloud security assessments buyers to obtain infrastructure. will include evaluation of controls from the ISO/ IEC 27017 cloud security standard, and the ISO/ Benefit Rating: High IEC 27018 cloud privacy standard, which will ensure that the assessment process addresses Market Penetration: 20% to 50% of target cloud-specific security concerns. Organizations audience handling credit card data must use services that have successfully undergone a Payment Maturity: Early mainstream Card Industry Data Security Standard (PCI DSS) evaluation, and U.S. federal agencies should be Sample Vendors: Alibaba Cloud; Amazon Web using services that have undergone the Federal Services; Google (Cloud Platform); IBM; Microsoft Risk and Authorization Management Program (Azure); Oracle; Skytap; Virtustream (FedRAMP) evaluation process. In all cases, higher levels of assurance can be attained by Cloud Security Assessments requesting a copy of the detailed findings report Analysis By: Jay Heiser; Khushbu Pratap from the third-party evaluator and thoroughly 50

reviewing it against the specific needs and risks Market Penetration: 20% to 50% of target of your use case. audience

If a formal third-party evaluation is not available Maturity: Early mainstream from a service provider, then the buying organization should at least ensure in writing Sample Vendors: Coalfire; Deloitte; EY; KPMG; that the CSP is meeting a minimum expected PwC; Schellman set of controls. Ask for a complete response to one of the published cloud risk questionnaires. De Entering the Plateau facto standard templates available from Shared IaaS+ Assessments, the Cloud Security Alliance and the Analysis By: Yefim V. Natis; David Mitchell U.S. FedRAMP program. These are constructed in Smith the form of yes-no questions; however, in critical use cases, much more detailed risk assessment Definition: IaaS+ is a platform deployment information can be obtained by replacing the binary model where application infrastructure (platform) “Do you?” with “How do you?” This approach cannot software is deployed on an infrastructure as provide the level of rigor and assurance typical of a a service (IaaS), including instance IaaS and formal third-party evaluation. container IaaS. In contrast to PaaS, here the cloud provider does not take ownership of the Most Cloud Application Security Broker (CASB) layers above IaaS and does not manage the tools include a Cloud Application Discovery quality of service, versioning and administration capability that scores the risk relevance of cloud of the application platform software. IaaS may service providers, and several Security Ratings be offered with preinstalled, but not managed, Service vendors also provide scores indicative application infrastructure, forming the instances of estimated CSP security posture. While the of IaaS+ or container IaaS+. full accuracy of these scoring mechanisms remains an open question, they are being used Position and Adoption Speed Justification: by a growing number of Gartner clients to help IaaS+ is often presented as PaaS because it determine the security acceptability of CSPs deceptively offers some of the same application that have not undergone a formal third-party infrastructure capabilities (such as application evaluation. platforms, DBMS or integration). But IaaS+ does not deliver the PaaS experience, cost patterns or Do not automatically assume that all cloud productivity. It is not PaaS, though “not PaaS” services must meet the same security standards. may be exactly what customers need when full Tier 3 cloud service providers are typically not control of the technology stack is the objective, being used in strategically important ways, so such as for hosting legacy applications in the their lack of formal security assessment is usually cloud or seeking assured multicloud portability. acceptable. IaaS+ can be the preferred choice for the high- Business Impact: The impracticality of control projects that look for access to the conducting a resource-intensive manual risk underlying technology infrastructure and are assessment process has historically inhibited equipped for the challenge. It may also be the the cloud computing market, and it is becoming first-choice option for projects that seek to migrate awkwardly obvious that questionnaires take too existing on-premises software to the cloud with much effort to provide too little risk-relevant minimal disruption, or for those planning for information. The use of formal cloud risk multicloud deployments, especially in the case of evaluation is proving increasingly beneficial independent software vendors (ISVs). in reducing the market friction caused by concerns over security and the current lack As more users have gained experience with both of transparency, and it serves as a signal PaaS and IaaS+ models, it has become evident to prospects that the provider intends to that, for mainstream customers, the increased continue investing in security. Formal security productivity and consistency of outcomes of assessments allow cloud buyers to concentrate PaaS outweighs the added control and familiarity on the functional aspects of the available of IaaS+. At the same time, the improving services, without having to waste time in fruitless understanding of the reality of IaaS+ allows exercises to determine whether the CSP is those that truly need the extra control to begin “secure” or not. to choose IaaS+ for its true merits. Thus, use of IaaS+ is solidifying in its specialized use cases Benefit Rating: High 51

(assured multicloud, “lift and shift,” unique Benefit Rating: Moderate technical requirements). The confusion between the two approaches is mostly in the past. This Market Penetration: 20% to 50% of target trend is gradually bringing IaaS+ toward the audience Plateau of Productivity. Maturity: Early mainstream User Advice: For application leaders, CIOs, CTOs, IT leaders and planners: Sample Vendors: Amazon Web Services; CenturyLink; Google (Cloud Platform); IBM • Choose IaaS+ when you want to maximize (Cloud); Microsoft (Azure); Oracle (Cloud control over your application infrastructure, Platform); Rackspace such as for DBMS, application and integration platforms, and when you are prepared to Software as a Service (SaaS) maintain the required in-house expertise. Analysis By: Jay Heiser

• Choose IaaS+ when retaining on-premises Definition: SaaS is an application model in software and skills, or when hybrid and which the software is owned, delivered and multicloud deployment are high priorities. managed by the provider. It uses a pay-for-use or subscription model, with a consistent version • Choose IaaS+ for development and test of the application simultaneously offered to of applications intended for production multiple customers. SaaS is overwhelmingly deployment on-premises to reduce the costs delivered through a multi-tenant public cloud and to expedite production delivery of the model, although some applications are available applications. as a single-tenant or on-premises version.

• Choose a container IaaS+ when looking Position and Adoption Speed Justification: to utilize the agility and efficiency of With almost 20 years of steadily increasing OS containers and delegate container significance, SaaS has established itself as the orchestration and management, while normal delivery model for many application retaining control of the application types, including CRM and HCM. Preferring the infrastructure. cash flow benefits of subscription over licensing, almost all application vendors have expressed • Choose a PaaS if you are looking for reduced an intent to make SaaS their primary, and complexity or increased productivity of usually exclusive, delivery model. Although a provisioning, management and administration significant minority of enterprise customers for IT projects. still questions the appropriateness of a multi- tenant public cloud delivery model, virtually all • Plan for applications developed and deployed organizations are making significant use of SaaS with the use of IaaS+ to achieve their ROI today. However, SaaS has not been established targets within the next two to three years, as the norm for all forms of software, including enabling you to re-evaluate the choice highly strategic applications such as ERP for between IaaS+ and PaaS in the future. manufacturing operations. SaaS as a concept should be considered as having reached the Business Impact: For many organizations, use Plateau of Productivity, but the transition toward of IaaS+ serves as the initial step toward PaaS. cloud-based application services is still arguably It is the least disruptive means of initial cloud at its midpoint. The utilization of SaaS, and the adoption by established IT organizations. Its maturity of many existing offerings, will continue limited platform efficiency and productivity are to evolve rapidly for at least another 10 years. balanced by a greater degree of control over the operating environment and greater portability User Advice: SaaS should be a first preference with the on-premises skills and software when considering new application capabilities, (compared with PaaS). Some advanced users unless there are specific reasons not to such take advantage of the extra levels of control in as concern for data residency requirements IaaS+ and build advanced solutions, including or complex integration requirements. If you some new PaaS capabilities. Others use IaaS+ for want to help your organization make the most development and test of applications targeted effective use of SaaS, you should use the at on-premises deployments and for migration following practices: of existing software off-premises. ISVs and some others use IaaS+ to assure multicloud portability of their applications. 52

• Give up on the idea that the IT department SaaS is a perfect choice for organizations that do will control application choice and usage. IT can not have the IT resources to deploy and maintain no longer be fully in charge of the organization’s on-premises software. This is prevalent in small or digital destiny, and instead will increasingly be midsize businesses, as well as in large enterprises in the role of internal consultant or broker for with limited capabilities in their IT departments applications that are the primary responsibility of or business units. SaaS enables companies or the lines of business. business departments to get to live-deployment status more quickly, especially when deploying • Treat SaaS as the first and preferred option less complex applications. On an ongoing basis, for application capabilities, but prepare SaaS provides more agility for making changes your organization for changes in business through self-service interfaces and greater processes as a result. innovation because SaaS providers deliver ongoing enhancements through the service. SaaS • Embrace standard SaaS offerings, even if it is also a great option for organizations to test or means giving up some capabilities. experiment with new ideas that may or may not be fully implemented or continued. • Build a culture of continuous improvement to take advantage of upgrades while The downside of SaaS is that usage tends to minimizing negative impact. Updates of SaaS sprawl, with organizations paying for a larger applications will occur, and you will not have set of services and seats than are necessary. control over them. Unfortunately, the best practices for the control of SaaS, and the associated toolset, remain • Develop policies and processes to govern relatively immature. the entire SaaS application life cycle, from approval through operations to obsolescence. Benefit Rating: Transformational

• Create a SaaS competency center to Market Penetration: More than 50% of target centralize and share SaaS-specific knowledge audience and practices for procurement, negotiation, provisioning, use, support, continuity and Maturity: Early mainstream customization. Sample Vendors: Box; Dropbox; Google; Business Impact: The one-size-fits-all model Microsoft Office 365; Oracle; Salesforce; of SaaS represents a form of discipline that ServiceNow; Slack; Workday is almost impossible to emulate within an IT department that is inevitably pressured into countless modifications and changes that escalate software costs. SaaS does not require a capital investment in hardware and licenses, which further reduces its initial costs. In subsequent years, however, SaaS may be more expensive than traditional software offerings because the operating expense remains consistent over time. Future demands to customize or integrate SaaS applications are usually more expensive than comparable modifications of traditional software, and may be impossible. 53

Appendixes

FIGURE 3 Hype Cycle for Cloud Computing, 2017

Source: Gartner (August 2017) 54

Hype Cycle Phases, Benefit Ratings and Maturity Levels

Table 1. Hype Cycle Phases Phase Definition Innovation Trigger A breakthrough, public demonstration, product launch or other event generates significant press and industry interest. Peak of Inflated Expectations During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized activity by technology leaders results in some successes, but more failures, as the technology is pushed to its limits. The only enterprises making money are conference organizers and magazine publishers. Trough of Disillusionment Because the technology does not live up to its overinflated expectations, it rapidly becomes unfashionable. Media interest wanes, except for a few cautionary tales. Slope of Enlightenment Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology’s applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process. Plateau of Productivity The real-world benefits of the technology are demonstrated and accepted. Tools and methodologies are increasingly stable as they enter their second and third generations. Growing numbers of organizations feel comfortable with the reduced level of risk; the rapid growth phase of adoption begins. Approximately 20% of the technology’s target audience has adopted or is adopting the technology as it enters this phase. Years to Mainstream Adoption The time required for the technology to reach the Plateau of Productivity. Source: Gartner (July 2018)

Table 2. Benefit Ratings Benefit Rating Definition Transformational Enables new ways of doing business across industries that will result in major shifts in industry dynamics High Enables new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise Moderate Provides incremental improvements to established processes that will result in increased revenue or cost savings for an enterprise Low Slightly improves processes (for example, improved user experience) that will be difficult to translate into increased revenue or cost savings Source: Gartner (July 2018) 55

Table 3. Maturity Levels Maturity Level Status Products/Vendors Embryonic • In labs • None Emerging • Commercialization by vendors • First generation

• Pilots and deployments by industry • High price leaders • Much customization Adolescent • Maturing technology capabilities and • Second generation process understanding • Less customization • Uptake beyond early adopters Early mainstream • Proven technology • Third generation

• Vendors, technology and adoption rapidly • More out-of-box evolving methodologies Mature mainstream • Robust technology • Several dominant vendors

• Not much evolution in vendors or technology Legacy • Not appropriate for new developments • Maintenance revenue focus • Cost of migration constrains replacement Obsolete • Rarely used • Used/resale market only Source: Gartner (July 2018)

Source: Gartner Research Note G00340420, D. Mitchell Smith, E. Anderson, 31 July 2018 56

About Wipro

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading global information technology, consulting and business process services company. We harness the power of cognitive computing, hyper- automation, robotics, cloud, analytics and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability and good corporate citizenship, we have over 160,000 dedicated employees serving clients across six continents. Together, we discover ideas and connect the dots to build a better and a bold new future.

CAUTIOUS ITERATION – The technique to expose the hype and experience the reality of Cloud is published by Wipro. Editorial content supplied by Wipro is independent of Gartner analysis. All Gartner research is used with G