Zimory White Paper: The Cloud's Slow European Take-off

CLOUD COMPUTING
MARKET:
Understanding its Slow Take-Off in Europe
White Paper, May 2013

CLOUD COMPUTING MARKET
Copyright© 2013, Zimory GmbH 1
TABLE OF CONTENTS
Abstract...................................................................................................... 2
Introduction and Problem Description........................................................ 2
Cloud Computing Market Situation ............................................................ 3
IaaS vs. PaaS vs. SaaS: Differences in Market Perspectives....................................... 3
Public vs. Private… and Hybrid Models......................................................................... 5
Reasons for Slow Take Off of the Cloud Computing Market..................... 6
1. General Market Confusion......................................................................................... 7
2. Differences in Pricing Policies.................................................................................... 8
3. Absence of Neutral market place............................................................................... 9
4. Lack of Technical Standardization........................................................................... 10
5. Lock-in Policy of Larger Vendors............................................................................. 11
6. Fears regarding Data Protection and Legal Frameworks........................................ 12
European Union Mandate on Data Protection vs. U.S. Patriot Act ........................ 13
Differences between European Legal Frameworks................................................ 14
7. Inability to Test Cloud Services before Buying ........................................................ 15
Overcoming Slow Take Off: Benefits of Adopting Cloud Services .......... 16
Successful Cloud deployments of IaaS ...................................................................... 16
Zimory and Successful IaaS Deployments ................................................................. 17
IaaS Cloud Brokerage model....................................................................................... 18
Management of Connection Certificates................................................................. 20
Open Cloud Solution.................................................................................................... 21
Zimory Open Cloud Solution................................................................................... 21
Contact Information.................................................................................. 23

ABSTRACT
This document analyses various causes for the slow take-off of the Cloud Computing
market in general, based on recent research and published articles. Proposals to
overcome the slow take-off of the market are also enumerated in the following white
paper, with particular emphasis on Infrastructure-as-a-Service.
Keywords: Cloud Computing Market, Cloud Services, Infrastructure-as-a-Service (IaaS),
Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Public Clouds, Private,
Clouds, Hybrid Clouds, Security Policies.
INTRODUCTION AND
PROBLEM DESCRIPTION
The term “Cloud” is being increasingly used and analyzed in the IT market. Cloud
Services are synonymous with innovative features that clearly differ from the traditional
utility computing. Clouds are by definition flexible, dynamic, scalable and heterogeneous,
with three defined categories: Software as a Service (SaaS), Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS). These qualities have proved to be very
positive for IT engineering and businesses.
Nevertheless, and because of its novelty, technical and business evolution, the Cloud
Computing market presents a certain number of obstacles for companies interested in
moving to the Cloud, especially in the early stages.
Decision makers face a sizable considerable number of challenges when considering
moving to the Cloud, especially with regards to the following obstacles:
 Pricing policies
 Neutral market place
 Technical standardization
 Lock-in policies
 Data protection and security policies
 Cloud security testing
This paper analyzes these challenges, offering factual, theoretical and practical reasons
for the slow take-off of the Cloud Computing market. It also analyzes possible instances
to overcome these difficulties, describing Zimory's position and practical solutions to
address these market obstacles.

CLOUD COMPUTING
MARKET SITUATION
The following section compares Cloud Services and models from various market
parameters. This comparison will be the basis for analyzing reasons of the slow take-off
of the Cloud Computing market in Europe.
IAAS VS. PAAS VS. SAAS:
DIFFERENCES IN MARKET PERSPECTIVES
The Cloud Computing market is categorized into three service types. The following table,
based on a study by Jeff Caruso for Network World
1
, compares the differences between
these categories regarding market dynamics.
Speed of Adoption
IaaS: Small and mid-size companies are adopting Cloud Services more easily and with
more enthusiasm than large companies, who are a bit more reluctant and still
in a “test phase”.
PaaS: Somewhere between SaaS and IaaS. Being developer-oriented, speed of
adoption for this specific target audience is predicted to rise in the short-term.
SaaS: Might be considered as the most abstract option of the three Cloud Service
categories, which lately has obstructed speed of adoption in the market. Highest
percentage of usage in the market. May actually become so overused that
will lose its “Cloud quality”.
Customer/User
IaaS: Customers maintain control of their software environment. No equipment.
IaaS vendors provide VMs.
PaaS: Developers build applications and use provided APIs and tools to hook them into
the provider's environment and run them there.
SaaS: Customers control very little of what happens inside the Cloud.
1
Network World, Inc. IaaS vs. PaaS vs. SaaS. Jeff Caruso. November, 2011.
http://www.networkworld.com/news/2011/102511-tech-argument-iaas-paas-saas-252357.html. Consulted on: 1st
June 2012.

Management of software environment
IaaS: Virtualization enters and plays a crucial role in customers' software
environment management
PaaS: Interaction between developer and provider environments
SaaS: Hold and manage control of the environment used by customers.
Providers
IaaS: There are many 'IaaS' providers that do not offer true Cloud IaaS.
Providers make efforts to avoid customers from lock in.
PaaS: Developers tools to create applications to the platform. Manage the hooking and
running of these applications on their own environment.
SaaS: Providers make most important resource decisions.
Service Principles
IaaS: Openness, portability, ability to get easily out of the Cloud.
PaaS: Targeting a very specific market. Not a finished and concrete product compared to
the other two Cloud Service categories
SaaS: Reduction of costs sacrificing customer control.
The list clearly shows that in speed of adoption, qualities such as customer control,
openness, portability and virtualization are the basis for IaaS increasing adoption rates. In
addition to, and regardless of the usage facilities and evident “popularity”, SaaS, by
comparison, continues to be more abstract, mainly because its many different layers
have yet to be explicitly defined, at least from a customer point of view. Finally, PaaS is
the middle-ground between facility without customer control of SaaS on one hand, and
complexity and broadness with customer management of IaaS on the other.
Nevertheless, Louis Columbus in Predicting Cloud Computing Adoption Rates
2
, presents
data of SaaS as leading indicator regarding Cloud adoption rates. Columbus quotes a
Forrester survey affirming that SaaS will present the highest Cloud adoption rate, growing
up to 50% in 2012. SaaS “popularity” and growth affect positively IaaS and PaaS
adoption rates as well, effectively clearing doubts and confusions about Cloud Services.
2
A Passion for Research Blog. Predicting Cloud Adoption Rates. Louis Columbus. July, 2011.

PUBLIC VS. PRIVATE…
AND HYBRID MODELS
It is often a confusing task for customers to clearly identify which Cloud Service model is
best suited to their needs. The increasing availability of choices such as dedicated
equipment and isolation tends to blur differences between Cloud Service models.
Articles such as Private Cloud vs. Public Cloud vs. Hybrid Cloud
10
and Gartner's
Evaluating Infrastructure as a Service
3
review the technical considerations when
choosing a Cloud model, these include:
 Applications and data to be moved to the Cloud.
 Applicable regulations and legal frameworks to the company and the provider.
 Geographic locations of the company and the provider.
 Required Service Levels and Service Level Agreements to be established
with providers.
 Usage patterns for workloads.
 Integration implications between applications and enterprise functions.
The following List
4
illustrates the most important differences between Cloud models, in
relation to the target market and usage parameters:
Target Companies
Public Clouds: Better adapted for companies that need to move their data dynamically
without having to comply with strong regulations for business.
Private Clouds: Better adapted for companies that need to comply with strong security
regulations (e.g. pharmaceutical, medical, governmental).
SaaS:
 A composition of at least two or more Clouds (private, community or public)
offering the benefits of multiple deployment models.
 The customer provides and manages some resources in-house and has
others provided externally
 Gartner predicts it to be the most commonly used Cloud model.
 It requires both on-premises resources and off-site server based
Cloud infrastructure.
3
Gartner, Inc. Evaluating Cloud Infrastructure as a Service. Lydia Leong . March, 2011.
4
Based on: Gartner, Inc. Design your Private Cloud with Hybrid in mind. Thomas J. Bittman. February, 2012.

Responsibility
Public Clouds: Providers have the biggest responsibility regarding control and
management of resources and data.
Private Clouds: Customers/ end users are responsible for directly controlling and
managing data. Providers also participate in management if required.
Number of Users
Public Clouds: Any number of users.
Private Clouds: Single user/ entity (a company, for example)
Implementation
Public Clouds: Shared implementations.
Private Clouds: Unshared implementations.
Provider
Public Clouds: External Service provider.
Private Clouds: On premises or off-premises.
The choice of Cloud model will depend on customer needs and the reasons
for Cloud adoption.
REASONS FOR SLOW TAKE OFF
OF THE CLOUD COMPUTING MARKET
The following section outlines both theoretical and practical approaches for Cloud
adoption in order to understand the slow take-off of the Cloud Computing market.
The causes analyzed include:
1. General market confusion.
2. Differences in pricing policies.
3. Absence of neutral market place.
4. Lack of technical standardization.
5. Lock-in policy of larger providers and vendors.
6. Inability to test Cloud Services before buying.
7. Fears regarding data protection.

1. GENERAL MARKET CONFUSION
The continual evolution of the Cloud Computing Services and market is more than
evident for the IT world. While evolution implies many positive changes and adaptations,
it also carries a certain confusion and uncertainty, and the Cloud Computing market
certainly reflects this definition.
The complexity and the broadness of the market can lead customers to have a blurred
outlook on the market and consequently by making uninformed decisions, it can take
them away from the expected results. There are still important doubts about basic
differences between Cloud solutions, data protection, testing and pricing policies.
Evidently, Cloud Computing is today more than a trending topic in all media, regardless of
the target audience. Many Cloud Computing providers have taken advantage of this
popularity to create what has been defined as a “Cloudwashing”
5
strategy, categorizing
their offerings with the “Cloud” quality, even if they are not truly Cloud Computing
Services.
The “Cloud-washing” phenomenon and the complexity among other reasons leave
customers with doubts and apprehension when facing the decision of Cloud adoption.
The National Institute of Standards and Technology (NIST) of the United States
Department of Commerce created a Cloud Computing Roadmap stating that “a neutral
common understanding and model is needed by customers in order to clearly and
consistently understand how Cloud Services compare (i.e., apples to apples.)”
6
Cloud
Computing solutions available in the market are multiple and diverse, which is a great
advantage for adaptability and flexibility. They add, however, complexity to the Cloud
adoption decision making. Customers need to better understand their organizational
needs in order to find the right Cloud solution. Furthermore, since this is an evolving
market, much effort and research is yet to be done to achieve technical and market
standardization and neutrality.
Providers are obliged to focus their efforts on accurately documenting information about
their Cloud Computing services, and making this documentation more accessible to the
market. In the European, and more specifically in the German market, an important
percentage of the available information focuses mainly on the potential risks of Cloud
adoption, which is obviously a positive aspect of Cloud Services documentation. It is
fundamental, however, to also generate documentation regarding the evident and
enormous saving potentials of Cloud adoption, such as improved time management,
avoidance of financial damages, as well as environmental issues. Exhaustive
documentation of both risks and the many benefits of Cloud Services will allow clients to
make a completely informed decision about Cloud adoption, and will contribute to a
5
Gartner, Inc. Pricing and Buyer's Guide for Web Hosting and Cloud Infrastructure, 2012. Lydia Leong. March,
2012
6
National Institute of Standards and Technology (NIST)-United States Department of Commerce. US
Government Cloud Computing Technology Roadmap Volume I Release 1.0. Lee Badger, David Bernstein, obert
Bohn, Frederic de Vaulx, Mike Hogan, Jian Mao, John Messina, Kevin Mills, Annie Sokol, Jin Tong, Fred
Whiteside and Dawn Leaf . November 2011.

positive evolution of the Cloud Computing market, especially in early stages, eliminating
the current general confusion.
2. DIFFERENCES IN PRICING POLICIES
Differences in pricing policies is one reason for the slow take-off and confusion in the
Cloud Computing market. There are often traditional, conservative and inflexible pricing
policies that go against the basic Cloud principles of adaptability, flexibility and scalability.
Customers that make an uninformed Cloud adoption decision, choose the “cheapest” or
“simplest” offer in the market, without even analyzing whether or not it suits their long
term needs. Bad decisions obviously lead to great frustrations, constituting a bad
precedent for the Cloud Computing market in general.
According to Gartner's Pricing and Buyer's Guide for Web Hosting and Cloud
Infrastructure, most pricing models include everything, with an “all in” policy. However,
some providers can for example, supply itemize pricing, making customers pay for
resources separately from management costs.
Prices also vary enormously depending on the capacity of VM storage, and RAM as well
as CPU speed and network bandwidth. The compute capacity is a variable that is yet to
be clearly defined among providers.
All of these ambiguities leave no doubt: Customers must choose providers with clear
product technical specifications of their services and solutions. All of these
requirements will guarantee an informed Cloud adoption decision and consequently
customer satisfaction.
NIST's Cloud Computing Roadmap states that the Cloud Computing industry needs to
clearly and consistently categorize Cloud Computing services regarding interoperability
and portability guidance and technology.
According to a 451 Group research regarding the State of European Cloud Provider
Market, “few providers offer a true pay-as-you-go service.”
7
Many customers see the
pay-as-you-use service as one of the most attractive qualities when considering moving
to the Cloud. However, they should look for Cloud Service providers that offer clear
standards for the pay-as-you-go service.
The 451 research also states that there is a “large variance in what service providers will
document as a performance standard and/or commit to under a Service Level
Agreement. Whether comparing IaaS, PaaS or SaaS, the level of technical commitments
offered or SLAs provided can vary considerably from one provider to the next.”
7
Cloud
Service providers are obliged to establish clear and public SLAs based on different
qualities and levels of service, as a basic condition in order to create a neutral contract.
7
The 451 Research: Hosting. State of the European Cloud Provider Market. February 2012.

3. ABSENCE OF NEUTRAL MARKET PLACE
The arrival and evolution of Cloud Computing has been revolutionary, especially with
regards to competition in the marketplace. There is no doubt that Cloud Computing
represents an enormous milestone for IT engineering. There are, however, many
elements to be improved in the Cloud Computing evolution process in order for it to
continue to be as positive as it has been so far.
One of these elements is the absence of a neutral marketplace and the consequent
appearance of market monopolies.
The Journal of Issues in Informing Science and Information Technology in the article
“Should the Cloud be Regulated?”
8
addresses this problem stating that the “massive
move to the Cloud and the promise of reduction of costs through the economies of scale
raise the problem of the creation of monopolies.” Sources for these monopolies are listed
as being the following:
 Resource scarcity: great difference of resources between big
companies and SMEs.
 High entry barriers: related to evident economies of scale. Big companies,
obviously being a clear market minority, make great investments in resources
and infrastructure, leaving smaller market players handicapped.
 Control of the platform for Cloud Computing construction: Complete management
of access and control.
Clearly, the rise of market monopolies in Cloud Computing directly leads to the reduction
of Cloud Service providers, which is counterproductive to the markets positive evolution
and growth. It would also leave customers with fewer choices to suit their needs.
“Net Neutrality” defenders claim that a larger companies' main objective is to establish a
market monopoly of Cloud Computing services. “Hence, it is said, direct controls are
necessary to ensure satisfactory performance: Control over profits, specific rates, quality
of service, extensions and abandonments of service and plant, even permission whether
to enter the business at all.”8
The market requires clear, standard and neutral regulations to guard and balance its
openness, where all market players are treated as equals, in order to ensure provider
diversity and the positive technical and market innovation of Cloud Computing services.
8
The Journal of Issues in Informing Science and Information Technology. Volume 8. Should the Cloud be
Regulated? Abbas Strømmen-Bakhtiar , Amir R. Razavi . 2011.

4. LACK OF TECHNICAL STANDARDIZATION
Cloud Computing is a relatively new market for IT engineering and IT businesses. At this
point, it is impossible to generalize about providers' implementation and quality
approaches.
Since the Cloud Computing market continues to evolve, there is an evident gap regarding
best-practice policies and the establishment of technical standards. This lack of
standards slows the take-off of the market as it leads to customer apprehensions and
insecurities when considering Cloud adoption.
The powerful market leaders that embrace quality and adaptability are yet to be
established. Those who manage to offer solutions with transparent technical standards,
interoperability and compatibility seem to win the battle in the long-term over the big
historical names in the IT market. Customers' interest and knowledge in Cloud Computing
is clearly increasing and will lead them to demand for more technical compatibility and
interoperability, as well as for well-defined technical standards.
Clear technical specifications will be the basis for establishing Service Level Agreements
(SLAs). SLAs are the core of a fair relationship and contract between Cloud Computing
customers and providers.
NIST's analysis of the Cloud Computing Roadmap states that the Cloud Computing
industry needs to “develop and adopt consistent technical specifications, of high quality
and completeness, to enable the creation and practical evaluation of SLAs between
customers and Cloud providers (interoperability, portability, and security guidance and
technology)”
8
. Otherwise, Cloud Computing market difficulties in the early stages will
remain or even increase while customers are unable to objectively compare between
providers' offerings. NIST analysis found that comparison variables are still blurry and
differ considerably regarding the following aspects:
 Agreement terms.
 Technology basis and performance: Supported hypervisors, functional
specifications, network interfaces, scalability, dynamic elastic allocation of
resources, tenant isolation, customer and support services, etc.
 Time measurements.
 Guarantee and data security policies.
These are basic elements for the establishment of any secure and fair contract between
two parties, especially in the IT business.
Finally, the NIST strongly recommends providers to establish clear, standard and
consistent categories of Cloud Services in order to develop an architectural reference
where category and technological interoperability and portability must take place.
Clear game rules will provide the market with the reliability and security needed for it to
have a more fluent take-off and development, promoting a safe and sane environment for
investment in technological and business innovations.

5. LOCK-IN POLICY OF LARGER VENDORS
The rise of Cloud Computing services seems to put the long discussed issue of vendor
lock-in back on the table. The presence of lock-in policies is closely related to the
absence of a neutral marketplace, since large vendors are interested and even invest in
creating a certain customer “dependency” on their product environment, which leads to a
closed market monopoly. This is opposite to the Cloud principles of interoperability and
compatibility.
Some of the large Cloud Services vendors tend to use this “customer dependency” as a
selling strategy, making their products inoperable and incompatible with products from
competing businesses, which obliges customers to rely on them for product
maintainability and update.
Vendor lock-in policies certainly go against the most basic Cloud principles: To buy or
install a web-based service, with no physical software or hardware to be to maintained
and upgraded strictly by the vendor who will obviously charge customers for these
services as well.
On the other hand, Cloud SMEs, such as Zimory, are making great efforts to fight against
lock-in policies that benefit only a few. If customers are to truly achieve their Cloud goals,
they need to consider moving away from this economic and technical monopoly of the big
market names. These efforts are demonstrated by Zimory with products that offer high-
quality, flexible service capability while still increasing efficiency. The software maintains
openness and independence, connecting various virtualization technologies into one
Cloud, and allowing flexible movement between private and public Clouds.
Diversity and interoperability allows market players to invest in relevant innovations rather
than in maintaining or updating systems.

6. FEARS REGARDING DATA PROTECTION
AND LEGAL FRAMEWORKS
Cloud adoption implies data interaction between customers and Cloud Service providers.
These functional and operational characteristics of Cloud Services put data protection
and security issues as one of the priorities to be analyzed when considering Cloud
adoption. Even though sources such as Network World state that “security issues have
dropped in importance”
9
comparing the market situation to a few years ago (an evidence
of the positive evolution of customers' confidence in Cloud Services advantages), data
protection and security issues are still one of the most important concerns preventing
some customers from Cloud, and it is a subject matter that implies many perspectives.
Cloud solutions imply dynamic interactions, which, from the customer's point of view,
might seem difficult to control with conventional IT security standards. Cloud Computing
security is in reality not isolated from the standard IT security, data protection policies and
regulations. Nevertheless, the architectural design, potential scaling, reliance on
networking, multi-tenancy and shared resource qualities of the Cloud Computing service
architecture lead to the necessity of reviewing current security control policies. This re-
examination of current policies would provide the market with reliability and transparency
for a more fluent market start.
As affirmed in the NIST Cloud Computing Roadmap, “security concerns need to be
documented, understood, and addressed to a degree that security in a Cloud is clearly
understood and managed.”
6
Customers need to be assured by Cloud Service providers
with clear and consistent information regarding data security policies and regulations in
order to facilitate the mainstream adoption of Cloud Services.
Gartner
10
recommends that decision makers should analyze data protection and security
implications before moving to the Cloud, by considering the following:
 Regulations of the country where the data is stored, where the company is
located and where the Cloud Service provider is located.
 Awareness of who controls and regulates data. Customers using services of a
US company are exposed to the Patriot Act, for example. Specific regulations
such as the US Patriot Act are outlined below.
 Transparency as a work principle should form a basis for Cloud Computing
companies and customers.
Players in the Cloud Computing market must be aware of the applicable regulation to
their business. Cloud Service vendors must make security issues as one of the
fundamental elements, if not the most important, to be documented and explained to
customers before moving to the Cloud.
9
Network World, Inc. Private Cloud vs. public Cloud vs. hybrid Cloud. Nancy Gohring. November, 2011.
http://www.networkworld.com/news/2011/102411-tech-argument-private-public-hybrid- Cloud-
252337.html?page=1. Consulted on: 1st June 2012.
10
Gartner, Inc. Predicts 2012: Cloud Computing Is Becoming a Reality. David Mitchell Smith, Yefim V. Natis,
Gregor Petri, Thomas J. Bittman, Eric Knipp, Paolo Malinverno, Joseph Feiman Lydia Leong . December, 2011.

In order to provide a more concrete outlook of regulations impacting the Cloud Computing
market, the following table
11
has been presented to describe the US Patriot Act and the
European Mandate on Data Protection, which will form the basis of an analyzed
comparison opposing these two legal frameworks:
EUROPEAN MANDATE
ON DATA PROTECTION
US PATRIOT ACT
Defined legal framework with criminal
sanction for anyone breaking the
EU data protection regulations.
Submission of US companies and
their foreign affiliates to be submitted
to US regulations, regardless
of their location.
Prohibition to access or share
EU citizens' personal data.
Possibility of accessing personal
data if companies or individuals are
suspected to have terrorist implications
Required notification of data release
(or sharing with third parties).
Direct prohibition of sharing data
controlled by US companies with third-
parties
European Union Mandate on Data Protection vs. U.S. Patriot Act
When comparing these two laws, it becomes evident that security is an issue to be
handled with extreme care with both customers and providers. Both of them need to be
fully aware of applicable regulation to their businesses. These regulations have proven to
be contradictory to each other. This is an obstacle for the Cloud Computing market to
progress and evolve, with complexity that affects both Cloud adoption decisions and
Cloud usage.
At first, American regulations appeared to be more flexible than European laws, mainly
because of the multiplicity of countries and cultural differences; until the appearance of
the U.S. Patriot Act. This law complicates in general all market dynamics and interactions,
especially those pertaining to data protection and security. It is a law with many blurry
regulations, which still causes significant controversy about its implications for business
and even personal privacy.
The U.S. Patriot Act is also in direct contradiction to the European Union Data Protection
mandate because it obliges, for example, American companies managing data in Europe
to comply with both European and American regulations. European laws strictly protect
access or sharing of European citizens' personal data, precisely demanding notification
when this data is shared with third-parties. On the other hand, as stated in the article:
11
Based on: © Informa. Can European Firms Use U.S. Clouds to Store Data? January, 2012.
http://informa1.ie/newsstory/Can_European_Firms_Legally_Use_U.S._ Clouds_To_Store_Data. Consulted on
31th May 2012.

Can European Firms Use U.S. Clouds to Store Data?, “the U.S. Patriot Act requires U.S.
Companies (and their foreign subsidiaries) to comply with U.S. Government data
requests regardless of location, provided that data is under the control of a U.S.
Company (…) such data sharing is not allowed to be revealed to a third party.”
11
Evidently, this conflicts with the European mandates strict demands of data sharing
notification.
Confusion and ignorance that result from these contradictions turn fear about data
protection and legal frameworks into an argument for not moving into the Cloud.
However, it is important to note that this is not a problem limited to the Cloud Computing
market, but also to traditional data centers.
Differences between European Legal Frameworks
European boarders were never an obstacle for business dynamics and interaction.
However, as described in this paper, the apparent market confusion in the evolving Cloud
Computing market could be one of the reasons for the slow market adoption. In Predicts
2012: Cloud Computing Is Becoming a Reality; Gartner affirms that European diversity
“will make Cloud adoption considerably slower. How slow will depend on how strict
national regulation and data privacy issues are in a specific country, and how pressing
the business requirement of reaping the benefits of Cloud Computing will be”
10
Gartner
also acknowledges Europe's IT literacy and maturity, qualities that will support the Cloud
adoption process in the European market.
An article published by the New York Times explains the implications of a panel, known
as the Article 29 Working Party, providing recommendations on Cloud Service
regulations. Recommendations will be published in a report that will also emphasize
advantages of Cloud adoption to, among other goals, support IT market innovation and
efficiency.
Recommendations are hoped to support also Cloud Service providers to “improve their
image” in Europe by clarifying confusions and reducing fear about data security and
protection, which will all result in encouraging Cloud adoption.
Article 29 Working Party's recommendations for Cloud Service providers might include:
 Informing clients exactly where their data is being physically stored at any time.
 Deleting all personal data in Cloud computing centers when retaining the data is
no longer necessary.
 Disclosing to clients the subcontractors they plan to use to process data.
Although these recommendations are obviously not mandatory, they are likely to
become a clear guidance for the 27 countries of the European Union, which will
considerably reduce the existing gap between the American and the European Cloud
Computing markets.
On the other hand, in a 451 Group analysis it is stated that European companies are
“taking a practical approach when it comes to data. It’s widely acknowledged that
enterprises in Europe want to keep their data in the country and ideally close to the
organization.”
7
A simple answer can be the departure point of finding a solution to

contradictory and unclear regulations. Zimory responds to this practical approach since
its enterprise-grade technology provides secure data and application processing in
Clouds, keeping the data in the country. The Zimory Cloud Suite matches the levels of
security, quality, reliability, availability and continuity found in their internal data centers.
7. INABILITY TO TEST CLOUD SERVICES BEFORE BUYING
For customers, being able to test products for themselves before buying is an important
requirement. It is especially important for customers to perform security testing on Cloud
Services, since Clouds might be a sensible target for hackers. However, conditions and
conventions are still unavailable for customers to test Cloud Services for themselves
before moving to the Cloud.
Vendors rely on third-party and independent testing entities to verify the well-functioning
and packaging of their products. On the other hand, Gartner points out that Clouds are
“providers' most valuable property”
10
, which makes them reluctant to allow access to
potential customers, only for testing purposes. These circumstances present further
evidence for the slow take-off of the Cloud Computing market.
To improve this situation in the short-term, it is integral for Cloud vendor's quality systems
to support and complete security testing, making it available for customers before Cloud
adoption. This is visibly one of the most awaited improvements in Cloud Computing
evolution, since it might be able to answer questions regarding data security and
protection issues; a breaking point for improving the slow take-off of Cloud Computing
market.
Zimory solutions are submitted to a high-level quality assurance process meeting security
and quality standards. Technical security measures implemented, as well as other
aspects of Zimory solutions will be treated in detail in the following section of this paper.

OVERCOMING SLOW TAKE OFF:
BENEFITS OF ADOPTING
CLOUD SERVICES
Having analyzed the main reasons for the slow take-off of the Cloud Computing market,
the following section presents concrete solutions to overcome market difficulties in the
early stages of Cloud adoption. Zimory solutions will be presented as an example to the
real feasibility of overcoming these obstacles.
SUCCESSFUL CLOUD
DEPLOYMENTS OF IAAS
Success in Infrastructure as a Service is a clear indicator that Cloud Services vendors are
focusing their efforts on improving the quality of Cloud Services to overcome market
discussed challenges, which will support the increase in Cloud adoption. Furthermore,
and as an example of how the Cloud Market is overcoming the slow take-off, IaaS is
being used for multiple purposes, increasing exposure and successful use of Cloud
Services in multiple contexts such as:
 R&D projects and load testing.
 Building and deploying Web- based applications.
 Moving non-critical and data with no regulation monitoring from expensive data
resources.
 Acting more quickly on IT opportunities without having to wait on IT resources.
 Underlying infrastructure for SaaS and PaaS.
In addition and despite its slow take-off, the article Overcoming the Challenges of Cloud
Reality
12
published by Spirent, the following successful provider use cases for IaaS
Clouds were identified:
 Increased efficiency during a specific contract flow.
 Lowered costs and savings by consolidating servers through virtualization: When
physical severs are under-utilized to the 10-15% average, virtualization allows
them to be used to 40 -50% utilization rate and even up to 75%.
 Increased elasticity and speed of access through the pooling of resources and
leveraging automation, allowing to add aspects such as on-demand self-service.
 Supported application awareness and dynamic resource optimization.
 Programmatic control over resources, allowing to manage resources and
configurations as needed.
12
Spirent®. Overcoming the Challenges of Cloud Reality. May 2011.
http://www.spirent.com/~/media/White%20Papers/Broadband/PAB/Overcoming_the_Challenges_of_
Cloud_Reality.ashx- Consulted on May 31st 2012.

Successful IaaS deployments prove the many advantages of Cloud adoption, leaving
behind the mentioned skepticism regarding data security and the confusion about general
characteristics of the Cloud. Zimory is a good example of successful IaaS deployments,
which will be presented in detail in the following section.
ZIMORY AND SUCCESSFUL
IAAS DEPLOYMENTS
Zimory Cloud solutions, zimory®connect and zimory®manage are an important
example of successful IaaS deployments. zimory®connect enables for example, the
scheduled deployment of resources, allowing users to make unused hosts available for
only the time needed. Zimory software is designed to support fast performance activation
and deployment. Pre-configuration, templates and best practice design decreases the
deployment time for virtual machines substantially to some seconds rather than minutes.
Furthermore, Zimory manages for Deutsche Telekom public Cloud Services for large
companies. High security standards are especially required for virtual private Clouds
working inside public Clouds; this service management becomes a challenge regarding
security issues on software management for public Cloud services offered inside the high
security networks of telecommunication companies. When providing these solutions,
Zimory has successfully demonstrated its ability to meet the challenges of the thorough
security requirements of carrier-grade IaaS management software. One of the main
reasons for this success is that Zimory’s offerings in IaaS management software
13
implement a modular architecture based on SOA design patterns
14
, which offers the
following advantages with regard to security requirements:
 Database isolation
 No single point of failure
 Enterprise application server (JBoss).
 Encrypted inter-system communication authenticated with certificates.
 Clear separation of authentication process from authorization and encryption
which take place separately.
 Widespread use of one-way hash functions for passwords
and secure information.
Taking into account external security:
 Isolated components, realm concepts.
 External LDAP to provide authentication and system authorization.
 External CMDB.
 Gateway component to protect host machines.
 Management infrastructure is protected from VMs.
13
Zimory GmbH, Virtualization Security. Peter Caron. May 2012.
14
Schneider Bruce, Cryptography Engineering: Design Principles and Practical Applications, 2nd Edition. Wiley
Publishing, 2010.

Moreover, governmental customers tend to be conservative and cautious with rigid IT
requirements when it comes to security issues. As an example of the quality of Zimory's
guarantees of system security listed above, Zimory is building the government Cloud for
the Austrian government data center-BRZ, overcoming challenges and increasing
flexibility and reducing CAPEX and OPEX without compromising security standards.
Through these Cloud Services, Zimory demonstrates once more that an independent and
high secure management infrastructure is of key importance to enforce and support
Cloud datacenters with high security standards and policies.
IAAS CLOUD BROKERAGE MODEL
Innovation is a fundamental factor in overcoming the slow take-off of the Cloud
Computing market. It will also contribute to its evolution. The IaaS Cloud Brokerage
business model introduces dynamics to Cloud Service use cases. It will allow three or
more independent parties (providers, traders and buyers) to do business together (buying
and selling products), reducing procurement procedures and verifying closely at the same
time the pre-established trading criteria. All interactions and processes are supported by
the flexibility of Cloud spot-pricing in IaaS Cloud Exchange. IaaS Cloud Services provide
complete management and governance, generating analytics of context and interactions,
all of which complies with security standards. The IaaS Cloud Brokerage model is an
innovative service that confirms the evolution of the Cloud market and how Cloud Service
providers' efforts to innovate their services complying with high security standards.
To better understand the IaaS Brokerage model and to show how it contributes to
overcome the slow take-off of the Cloud Computing market, Gartner published a report
called Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud
Services Delivery
15
, where it identifies six main differences between Cloud Services
Brokerage and standard Cloud Services:
1. Buyers can be different: Buyers can have different ranges, from individuals and
SMBs to large businesses.
Cloud Brokerage cannot modify the actual service implementation or own the technology:
Possibility of integrating or customizing one or multiple Cloud Services.
2. Technology used for integration, customization and management can be different
as can the integration scenarios: Multi-tenancy of shared environments for Cloud
Brokerage technologies for integration and governance.
3. Contract managed differently: Integration of services where the only guarantee of
performance or availability is through the established SLA agreed on in the
customer contract or the brokerage agreement.
4. Channel for Cloud Brokerage may be widely different than those established for
traditional system integrators.
15
Gartner, Inc. Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services
Delivery . Tiffani Bova, Daryl C. Plummer. May 2012

5. New Cloud specialists: New Cloud Brokerage specialists coming from other
businesses different from the traditional IT services world, presenting different
marketing messages, different technical and business-related skills, new value
propositions and well- established partner ecosystems dominated by third-party
Cloud-native IT providers.
The IaaS Cloud Brokerage model is based on requirements from the consumer and the
seller which requires independence, demanding compliance with high security standards
for offering and buying of resources, they offer open and complete APIs, which negates
the vendor lock-in, one of the reasons for the slow take-off of the Cloud Computing
market. The IaaS Cloud Brokerage is a prove of how the reasons for the slow take-off of
the Cloud Computing market can be managed and solved. The answer? Innovative and
high-quality software.
The Zimory Cloud Brokerage model responds to the challenges and requirements of the
market described above, based on the Zimory Cloud product technology. The following
image provides a general view of the Zimory Cloud Brokerage solution.
Figure: Components of Zimory Cloud Stack in the Cloud Exchange setup
With the actual buying and selling mechanisms being executed in an external Cloud
Exchange module, the Zimory Cloud Suite has the role of settlement. The buying and
selling can be done in various ways from long-term contracting to a short term stock
exchange model. All of which results in the market required flexibility and adaptability of
Cloud Services.

Every seller on the Cloud Exchange requires at least a single instance of
zimory®connect in each of the datacenters, as a local management hub. This will allow
the Seller to offer services to the marketplace.
In addition, every Consumer in the Cloud Exchange requires at least one
zimory®manage, the entry point for the Consumer and the end-user and provides the
Cloud API. Consumers can use the portal to resell Cloud capacity to end customers, or
use the internal capacity pool for another purpose such as serving their internal Cloud.
The connection between instances is controlled by the Cloud Exchange system. The
Cloud Exchange system outputs certificates that control connection. Therefore, the Cloud
Exchange is able to control the delivery mechanism on-demand and review the
settlement status of transactions.
All Consumer functions are compiled in the zimory®manage component, whereas the
Sellers functional requirements are reflected in the zimory®connect module. Both
modules are also interconnected using an open API, which enables both parties to buy
and sell, without being locked into the technology. This solves, as mentioned above, one
of the main reasons for the slow take-off of the Cloud Computing market.
Management of Connection Certificates
As discussed before, security is one of the main concerns when considering Cloud
adoption. Innovative solutions such as the Cloud Brokerage model, must respond to the
market security demands. In order to do this, the Cloud Exchange requires connection
control between the zimory®connect and the zimory®manage modules. In order to do
this, the Cloud Exchange module – where the trading takes place, delivers the following
information on contracts between partners:
1. Contract parties.
2. Contract volume.
3. Contract time.
With this information, the Zimory platform generates connection certificates that enable a
temporary connection between a specific zimory®connect and a zimory®manage.
The certificates will be generated by the Cloud Exchange module and automatically
pulled by the zimory®manage and zimory®connect instances.
Based on this certificate, the Consumer can utilize the resources and also monitor
consumption of end-users. It can also decouple end-user pricing that suits their business
models.
In conclusion, the importance of Zimory Cloud Brokerage lies in the fact that companies
with multiple datacenters are able to use these solutions to broker various services in
different locations, or to build and support community Clouds, complying with high
technical quality and security standards; to provide general examples a car manufacturer
building can, for example, a Cloud Brokerage Service for their dealer network, airlines
building a Cloud for their agency network, etc.

This variety of use cases along with the high quality technology and security standards
confirm that the slow take-off of the Cloud Computing market can be managed and
overcome by responding to the market specific demands on main aspects such as
security, flexibility, neutrality, technical standardization, etc. with innovative solutions that
comply with these standards and offer many advantages to businesses.
OPEN CLOUD SOLUTION
Well-developed open Cloud solutions are a powerful tool to speed up the adoption of
Cloud Services, since open Cloud solutions are based on the following principles:
 Interoperability
 Elasticity, efficiency
 Open standard formats and interfaces
 No customer lock-in
Zimory Open Cloud Solution
Zimory's new, open Cloud business solution is representative of how an open Cloud
solution can contribute to the evolution of the Cloud Computing market. Offering
European customers improved interoperability and reduced costs fully compliant with the
EU mandate on Data Protection. Zimory Cloud Suite offers user, consumption and
metadata of a service, available in an open standard interface. This provides full
transparency and monitoring of user consumption and data, enabling organizations to
manage costs more efficiently.
Using proven open source technologies as a basic framework, Zimory Cloud Suite offers
a new capacity management tool and monitoring facility capable of fine grained analysis
of usage patterns in large Clouds for extended periods of time. In essence, it allows
technical administrators to run heterogeneous, geographically distributed Clouds
efficiently, whilst still maintaining guaranteed SLAs. All of these characteristics along with
the “made in Germany” quality guarantee and market customers have demonstrated to
have great confidence in Clouds made in Germany, especially because of their quality
and the compliance of data security policies. With our open Cloud solution, Zimory
negates vendor lock-in and addresses issues around data portability, privacy and security
in order to deliver substantial benefits to its global constituents.

CONCLUSION
After analyzing causes for the slow take-off of the Cloud Computing market, it is possible
to make the following conclusions:
 It is necessary to define and standardize clear pricing policies. This will provide
more reliability and credibility to the market, augmenting customer confidence
in Cloud Services.
 SLAs need to be clearly defined, including all possible service scenarios,
prior to Cloud adoption.
 Avoiding market “Cloud washing” will clarify general aspects of the
Cloud Computing market.
 A neutral market place is required in order to maintain provider diversity and
avoid market monopoly and consequently vendor lock-in for customers.
 Technical standardization is a must, especially with regards to data portability,
adaptability, scalability and interoperability.
 The eostablishment of technical and general standards is crucial for increasing
speed of Cloud adoption.
 Data protection and security policies: Customers and providers must be aware of
applicable regulations and legal frameworks for their businesses. Security
continues to be an important concern for customers considering Cloud adoption.
 Providers need to focus their efforts on ensuring that Cloud Services are security
tested in the short-term, in order to solve concerns regarding data protection.
 Zimory offers concrete IaaS solutions supporting standards for interoperability,
scalability, adaptability, openness and flexibility to the Cloud Computing market.
 Zimory's successful deployments constitute a positive precedent for IaaS
deployments in the Cloud Computing market.
 Customers must demand clear and documented description of the Cloud
Service(s) when considering Cloud adoption.
 Customers must make an informed and objective comparison of provider offers in
order to find the right solution, which can be best adapted to their
business needs.
 Providers need to document their offers in a clearly and make them
available for customers.

CONTACT INFORMATION
Zimory GmbH
Revaler Strasse 100,
10245 Berlin
Germany
Email: info@zimory.com
Tel: +49 (0)30 609 85 07-0
For the latest information, please visit www.zimory.com
The information contained in this document represents the current view of Zimory GmbH
on the issues discussed as of the date of publication. Because Zimory must respond to
changing market conditions, this document should not be interpreted to be a commitment
on the part of Zimory, and Zimory cannot guarantee the accuracy of any information
presented after the date of publication. The information represents the product at the time
this document was published and should be used for planning purposes only. Information
is subject to change at any time without prior notice.
This document is for informational purposes only.
ZIMORY MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
© 2012 Zimory GmbH. All rights reserved. Zimory is a registered trademark of Zimory
GmbH in Germany. All other trademarks are the property of their respective owners.

Zimory White Paper: The Cloud's Slow European Take-off

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (16)

Ähnlich wie Zimory White Paper: The Cloud's Slow European Take-off

Ähnlich wie Zimory White Paper: The Cloud's Slow European Take-off (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Zimory White Paper: The Cloud's Slow European Take-off