The rapid growth of hyperscale IaaS platforms that provide serverless and Software management automation services is changing how enterprises can get better Cloud ROI. Heightened security concerns and enabling developer productivity are strategic issues for 2017.

The emergence of hyper-scale Infrastructure as-a-Service (IaaS) platforms such as Amazon Web Services (AWS) that offer serverless computing, DevOps automation and large-scale data management capabilities is changing the economics of software consumption. As SaaS vendors as well as SaaS customers start to operate on the same IaaS platform, why have the enterprise data sit in someone else' virtual cloud environment? Why pay for the data twice?

As DevOps is catching the imagination of mainstream IT and many organizations are gearing up to implement DevOps - does it really deliver the promised Developer Productivity gains? In truth, DevOps is hard to implement and maintain. Only extremely mature and deeply talented IT shops are truly able to implement Continuous Integration/Continuous Deployment pipelines with containers and deal with all of the complexity. Why bother if DevOps is going die with the arrival of serverless computing? Is there really any need for "Ops" at all?

CIO Outlook 1: Rethinking SaaS and Security in 2017

SaaS solutions were born in 2000 with the promise of web-based delivery of hosted software delivered over the internet. SaaS solutions helped reduce the pain and cost associated with upgrades and maintenance headaches of "shrink-wrapped" software. The SaaS business over the last 15 years has disrupted major software platforms and in many ways helped set the stage for wider enterprise adoption of cloud services.

The early success of SaaS helped change customer behavior. Customers became comfortable with data and software running outside of their firewalls. The concept of management by SLAs was in many ways driven by the initial success of SaaS. In the past few years the trend toward SaaS creation and adoption has exploded with the adoption of hyperscale IaaS platforms by SaaS vendors.

This is the great paradox.

The emergence of public cloud IaaS platforms on the one hand is fueling the explosive growth of SaaS, but on the other hand it will kill (or dramatically disrupt) SaaS as it destroys the fundamental value proposition!

Your Cloud or My Cloud?

The trend is unmistakable - public IaaS has won. Major SaaS providers as well as large SaaS buyer enterprises are both migrating and embracing the IaaS cloud by going "all-in." The figure below shows the implications of this migration and shift to hyperscale IaaS platforms. Initially, SaaS providers had their own "vertical" stacks with customer data stored within their data centers. However, corporate anxiety about data assets strewn in multiple SaaS data centers coupled with the realization that data is a corporate asset and a recipe for competitive advantage is driving changes.

Additionally, as both SaaS providers and enterprise SaaS consumers start to operate on the same platform, the SaaS "value-stack" is significantly diminished. Artificial data silos are created for the enterprise when their "SaaS" data is resident right next to their enterprise data, just separated by a contractual boundary.

SaaS buyers in many ways "pay" twice for their data. Once for storing it in the SaaS platform and a second time for backing it up into their "cloud environment" for security or analytical purposes. Many enterprises often overlook the hidden costs associated with SaaS. These include hard network and storage costs associated with copying data back and forth for backup/retention or analytics purposes.

Instead of moving enterprise data to the SaaS platform, why not move the "SaaS" code?

A key tenet of SaaS in 2000 was to help reduce the cost and pain associated with upgrading and maintaining "shrink-wrapped" software. In 2016 and beyond, upgrading and managing software and systems is not as hard as it used to be. Continuous Integration/Continuous Delivery (CI/CD), microservices, serverless computing, and Managed Cloud-Native Services are making it relatively easy to upgrade and deliver software.

If both the SaaS provider and the consumer have access to the same set of tools on the same cloud platform, then what is the real value-add from the SaaS service? Just the software, right?

Upended revenue mode

Over the years most SaaS services have been delivered on a "per user" based annual subscription model. If a SaaS license for one user is $100 per year, and the enterprise bought licenses for 100 users, the enterprise would pay $10,000 per year. In the pre-IaaS days, this might have been great economics for both parties - the SaaS vendor and the SaaS buyer. Not anymore.

Let's assume those 100 users consume 100 GB of space and five cloud servers. The customer adds another 50 users but, because of limited true usage, the storage and compute requirements did not really change much. Why should the customer pay an additional $5,000 for those additional 50 users, if the underlying incremental costs did not change that much?

SaaS buyers are starting to think real hard when deciding between a "per-user" SaaS annual subscription model versus a "cloud-hosted" pay-per-call model that is enabled with Serverless computing.

Security and Compliance

Most newer entrants to the SaaS market underestimate the cost and complexity associated with the "Ops" part of the business. Many SaaS providers struggle with issues around vulnerability management, security scanning, compliance reporting, backup and recovery and service uptime. There are many factors for this. One of them is the changed cybersecurity environment. Buyers are demanding evidence of security best practices. Industry-recognized certifications, such as HIPAA, FFIEC, FedRAMP, or ISO 27001, are increasingly required by customers from SaaS providers. These come at a heavy price.

Experts in platform-as-a-service and cloud computing are seeing some of these pains within the enterprise.

"Pricing, governance and security are key for enterprises consuming multiple SaaS services. It becomes challenging to understand the security footprint of the system as a whole as the number of SaaS services consumed increases," said Derek Collison, CEO and Founder, Apcera.

CIO Outlook 2: Rethinking DevOps in 2017

Every CIO is racing toward DevOps and trying to emulate the trailblazing path laid down by the likes of Netflix and many others. The reality however is that DevOps is hard. The choices are bewildering - Docker, Elastic Container Service (ECS), CloudFoundry or OpenShift? The ability to design, deploy and maintain a DevOps pipeline is a non-trivial task that requires senior (and expensive) talent. There is a better way. Cut out "Ops" entirely. Hyperscale cloud providers such as AWS have been steadily launching "serverless" services that began with AWS Lambda for executing "functions" and paying on a per-call basis. No servers to patch, upgrade, shut down or scale. The figure below shows the customer versus IaaS provider layers of responsibility.

The sophistication and list of available services have grown exponentially. AWS Athena for SQL processing, DynamoDB for NoSQL stores and the list goes on. Getting rid of virtual machine instances and containers and instead adopting a serverless computing model can provide enterprises with the ability to leapfrog the DevOps wave and just focus on Dev. A key benefit is the potential reduction in Total Cost of Ownership (TCO) for serverless applications when considering the operations, maintenance and security overhead.

Making the right strategic decisions is critical for both cloud services buyers and providers to ensure their ability to sustain and thrive in the cloud era. The emergence of serverless computing, alternative software distribution models through cloud marketplaces and pay-per-call transaction pricing offer CIOs a rich canvas to deliver innovation, agility and better security in 2017.

Call-to Action

CIOs looking to make sense of the disruption caused by Cloud, DevOps, and serverless computing should consider adopting best practices for driving transformation from players such as CapitalOne and Walmart. Creating a Tiger team, enabling an Innovation Workbench, and delivering minimum viable projects (MVP) in 4-6 weeks are great ways to start learning about these new technologies.

