While interest in cloud computing continues to grow, there is mounting evidence that ‘cloud washing' is undermining trust in the concept, as Doug Woodburn reports
Any definition that includes everything is not a definition at all.
That's a maxim often cited by critics of contemporary art, but it could so easily be applied to arguably the most abused buzzword in IT: cloud computing.
The rise of cloud computing certainly feels unstoppable, with recent figures from the Cloud Industry Forum (CIF) indicating that over two thirds (69 per cent) of UK firms now use cloud services for at least one application area.
But there is a growing feeling that - alongside the privacy concerns reawakened by last year's PRISM furore - the fluffy form of IT's march to ubiquity is being impeded by the cynical phenomenon of cloud washing. To read CRN's special report on cloud washing in full, click here.
Although nothing new, the practice of deliberately and sometimes deceptively rebadging old products and services under the cloud banner is surely becoming more widespread as cloud's usage and appeal continues to grow.
This muddies the waters for vendors offering what those monitoring the industry such as CIF, the US National Institute of Standards and Technology (NIST) or Gartner would regard as genuine cloud services.
And the pub definition of cloud simply being the internet doesn't cut it.
Its full definition can be found at the bottom of this article, but for NIST cloud computing comprises five essential characteristics: on-demand self-service; broad network access; resource pooling (or multitenancy); rapid elasticity; and measured service. Just like Gartner, NIST feels cloud is divided into three service models - SaaS, PaaS and IaaS - while consisting of four delivery models: private cloud; community cloud; public cloud; and hybrid cloud.
While cloud comes in many forms, there's no doubt that many vendors are guilty of confusing customers by stretching the definition beyond breaking point.
Adding a cloudy sheen to dusty old boxes to draw in end users is not the only form cloud washing can take. IBM and Oracle are among those 
who've been accused of beefing up their cloud numbers in a bid to impress Wall Street (see a list of the five worst cloud washers here).
Some fear such practices are not only baffling customers but depriving them of huge potential cost savings and productivity gains by putting them off cloud altogether.
Campbell Williams, strategy director at UK datacentre provider Six Degrees (pictured, right), said: "It causes confusion, and that is an inherently bad thing because confused customers typically don't buy.
"If customers think this is just a bunch of old stuff that's been repositioned, they'll assume there's nothing new for them to see."
According to a survey Six Degrees commissioned last year, 45 per cent of UK IT decision makers saw cloud washing by marketing departments at technology brands as an increasing problem. Some 83 per cent felt that cloud service providers could do more to demystify the cloud.
Providers of hosted telephony -what used to be Centrex - and hosted Exchange have been particularly guilty of repackaging their products as cloud, Williams asserted. For him, a cloud service must deliver computing - ie, CPU, memory or storage - capabilities and should be delivered from a secure centralised platform, as well as having an element of elasticity, among other things.
"It's annoying when people talk about the cloud as if it's the internet or web. Facebook is not a cloud service," Williams said, reflecting that perhaps Apple's iCloud should be considered the only true consumer cloud service out there.
For Andy Burton, chief executive of CIF, cloud washing is more about the lack of visibility and transparency that still pervades pockets of what remains a developing industry.
"Buyers are beginning to ask the right questions," he said. "But half the challenge when you are looking at cloud-based solutions is determining who is the business behind it and where the data will be based.
"The customer doe
sn't necessarily see a clear and clean definition of the solution they are getting. Because of the overuse of the phrase, people think cloud is a panacea that means constant availability because it's scalable and resilient. But often vendors position the best prices when they advertise but don't give enough context on those prices."
CIF, whose members include Citrix, VMware ,Webroot, UKFast, Outsourcery and Computacenter, drew up a code of practice three years ago in an effort to bolster public trust in the cloud industry. That public trust was knocked last year after the collapse of UK VAR 2e2 left its cloud customers unable to access their data and other providers pulled out of the UK or suffered outages.
CIF members must publicly disclose a raft of information, including in which countries they hold and process customer data - and whether the customer can restrict this - and customer migration paths at contract termination.
"We are trying to ensure there is a genuine commitment to transparency from the executives of the company and that it's all being explained in a common language so a relative novice can compare between one service and another," said Burton.
Genuine cloud, real benefits
The benefits offered by genuine cloud services - reduced infrastructure-related costs and better speed and usability, to name but a few - are manifold, not least in the security space, where there are obvious advantages to processing data off-premise.
According to a survey commissioned recently by Webroot, 62 per cent of UK IT suppliers and MSPs now offer cloud-based anti-virus, with cloud-based anti-spam (61 per cent), firewall (54 per cent), endpoi
nt security (51 per cent) and access management (48 per cent) also all prevalent.
Webroot claims to be one of the few 100-per-cent cloud anti-malware vendors out there, which product marketing director George Anderson (pictured, left) said allows the vendor to ward off threats in real time and draw on a collective intelligence.
"[With cloud] you can put a phenomenal amount of resource into solving severe problems very quickly," he said.
"The other huge benefit of going to the cloud and processing up in the cloud is our agent is 100MB in size, our total disk usage is under six and our CPU usage is under five. We are light years ahead of what other products deliver."
By the end of 2014, Webroot will also offer utility billing, meaning MSP partners and customers will be charged only for what they use.
But Anderson said customers are being disorientated by rivals' attempts to daub a cloudy coat of paint on their traditional managed services.
"You've got Symantec Cloud, which is basically the MessageLabs hosted service they've had for years," Anderson said. "A lot of [competitors] claim their products are cloud but the only part that's cloud is the management console, while the product still resides on the endpoint and all the work is carried out there, which is the key criterion for me.
"If the majority of the processing is being carried out remotely in a datacentre the customer doesn't own, that's as close as you're going to get to a definition of cloud."
Anderson added: "It's a case of caveat emptor. But it does make it difficult for customers to compare things fairly if everybody is saying they're doing the same thing when, really, they're not."
Two years ago, analyst Forrester predicted that cloud computing will have "lost its usefulness" as a term by 2020 as it becomes a victim of its own ubiquity.
So ingrained in the business culture cloud will be, the need for distinction will have faded, while the security and data privacy concerns surrounding the fluffy form of IT will have melted away.
But Forrester's vision - at least in regards to the security and data privacy side - seems as far from reality now as it did in 2012 after last summer's PRISM furore rocked the cloud computing world to its core.
Last August, think tank Information Technology and Innovation Foundation predicted that security concerns sparked by the Snowden affair could cost the US cloud computing fraternity up to $35bn in lost trade from European clients over the next three years.
Similarly, a recent survey of 300 UK and Canadi
an businesses by hosting firm Peer 1 found that a quarter were looking to bin US cloud companies due to the NSA spying allegations.
However, Burton at CIF (pictured), said he suspected PRISM would not have a "deep and lasting" impact on the popularity of cloud.
"PRISM has focused people's minds on what to keep on premise and what to put in the public cloud. But I don't think it's the death knell for cloud, just like 2e2 and other organisations going bust wasn't," he said.
Burton said a survey CIF conducted around the time PRISM hit the headlines showed that people's sensitivity to where data is stored is actually decreasing and that data sovereignty is becoming less of an issue.
No-go zones
Having said that, Burton added that the majority of UK businesses want a cloud service provider they can interact with locally, a sentiment echoed by Williams at Six Degrees.
Williams noted that impending new EU regulations may compel UK firms to keep their data within European borders.
"I would be surprised if it's as draconian as the German system but I believe it's likely there will be a provision to put some sort of EU borders in place," he said.
"Outside the EU may be a no-go if you are talking about consumer data or data covered by the Data Protection Act.
"We don't know what form it will take. But I've spoken to people who share the view that if your cloud back-up platform or co-location centre is delivered by a UK-based service provider, using UK-based cloud platforms in UK datacentres, that will cover any legislation.
He added: "Many people want to visit their datacentre anyway. The [Six Degrees] name is on our entry gates and on our buildings, and it's our stuff from end to end. We have had the police turn up at the doors and if they don't have a warrant they get turned away."
Anderson at Webroot 
said the NSA spying saga had reminded end users they should approach migrating IT functions to the cloud with their eyes open.
"I do not think the NSA is conducting vast amounts of industrial espionage," he said.
"I think the conversation that's going on with the NSA is really about privacy, and whether we have any privacy in a digital world. And the answer is yes, you do, if you set out to make it private, but that you don't if you accept the shillings - and there are a lot of shillings out there. Google and Apple give us free apps and let us store stuff in the cloud and they need to make money out of that.
"So I think, if anything, the Snowden thing has made people wake up and decide what's important to them, and what they need to protect."
Whether the scaremongering headlines are justified or not, never has it been more important for cloud providers to be clear and transparent about the nature of the services they offer.
And ultimately, it is the channel that must guide end users through these debates, added Williams.
"Whether it's PRISM or cloud washing, it is the channel's role to help end users navigate through the hype and help them understand what the reality is and where the risks and potential trade-offs are," he said.
Cloud computing defined:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Source: US National Institute of Standards and Technology
