Cloud Computing Intro

profileniey
hype_cycle_for_cloud_computi_263850.pdf

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

G00263850

Hype Cycle for Cloud Computing, 2014 Published: 24 July 2014

Analyst(s): David Mitchell Smith

Cloud computing continues to be one of the most hyped subjects in IT, but it is becoming more and more an integral concept in IT overall. This research looks at the different aspects of cloud computing and where the technologies are on Gartner's Hype Cycle.

Table of Contents

Analysis..................................................................................................................................................3

What You Need to Know..................................................................................................................3

The Hype Cycle................................................................................................................................ 5

The Priority Matrix.............................................................................................................................7

Off the Hype Cycle........................................................................................................................... 9

On the Rise...................................................................................................................................... 9

Web-Scale Architecture..............................................................................................................9

Cloud Integrated Infrastructure Services (CIIS).......................................................................... 10

Cloud MDM Hub Services........................................................................................................ 12

Specialist Cloud Service Brokerages.........................................................................................14

Cloud/Client Computing........................................................................................................... 16

Software-Defined Anything....................................................................................................... 18

Customization Brokerage......................................................................................................... 19

Cloud IMDG Services............................................................................................................... 22

DevOps.................................................................................................................................... 24

Container Frameworks..............................................................................................................26

Internal CSB............................................................................................................................. 28

At the Peak.....................................................................................................................................31

Hybrid IT...................................................................................................................................31

Private PaaS.............................................................................................................................32

Cloud API Management............................................................................................................35

Cloud Security Standards......................................................................................................... 37

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

ADLM PaaS..............................................................................................................................40

Enterprise Integration PaaS (iPaaS)...........................................................................................42

Cloud Management Platforms.................................................................................................. 44

Cloudbursting...........................................................................................................................47

Platform as a Service (PaaS).....................................................................................................49

Cloud Service Brokerage.......................................................................................................... 52

Sliding Into the Trough....................................................................................................................55

Application PaaS (aPaaS)......................................................................................................... 55

Big Data................................................................................................................................... 57

Cloud BPM...............................................................................................................................60

Cloud Testing Tools and Service...............................................................................................63

Database Platform as a Service................................................................................................ 64

Hybrid Cloud Computing.......................................................................................................... 67

IaaS+........................................................................................................................................69

Personal Cloud......................................................................................................................... 71

Private Cloud Computing..........................................................................................................74

Private IaaS.............................................................................................................................. 76

Cloud-Based Security Services.................................................................................................77

Real-Time Infrastructure............................................................................................................79

Public Cloud Storage................................................................................................................81

Cloud Office Systems............................................................................................................... 83

Cloud Computing..................................................................................................................... 85

Cloud/Web Platforms............................................................................................................... 86

Climbing the Slope......................................................................................................................... 88

Browser Client OS.................................................................................................................... 88

Enterprise Cloud Email..............................................................................................................90

Infrastructure as a Service (IaaS)...............................................................................................91

Integration Brokerage............................................................................................................... 93

Software as a Service (SaaS).................................................................................................... 96

Sales Force Automation SaaS.................................................................................................. 97

Virtualization............................................................................................................................. 98

Appendixes.................................................................................................................................. 100

Hype Cycle Phases, Benefit Ratings and Maturity Levels........................................................ 102

Gartner Recommended Reading........................................................................................................ 103

Page 2 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

List of Tables

Table 1. Hype Cycle Phases...............................................................................................................102

Table 2. Benefit Ratings......................................................................................................................102

Table 3. Maturity Levels......................................................................................................................103

List of Figures

Figure 1. Hype Cycle for Cloud Computing, 2014...................................................................................6

Figure 2. Priority Matrix for Cloud Computing, 2014............................................................................... 8

Figure 3. Hype Cycle for Cloud Computing, 2013...............................................................................101

Analysis

What You Need to Know

Cloud computing has been and continues to be one of the most hyped terms in the history of IT. Its hype transcends the IT industry and has entered popular culture, which has had the effect of increasing hype and confusion around the term. In fact, cloud computing hype is literally "off the charts" as Gartner's Hype Cycle does not measure amplitude of hype (that is, a heavily hyped term, such as cloud computing, rises no higher on the Hype Cycle than anything else).

As we have stated in previous cloud computing Hype Cycle research, including "Hype Cycle for Cloud Computing, 2013," it is simplistic to look at only the hype around the high-level term. As aspects of the cloud move into mainstream adoption, each technology needs to be looked at separately. There is misunderstanding and confusion specific to each aspect of the cloud, not just to the overall term. There is misuse and miscommunication among users and vendors, making it a subject uniquely suited for analysis using Gartner's Hype Cycle. As usual, in cases like this, there is indeed overhype, but there are also potential benefits. Understanding those benefits requires tearing apart the hype surrounding cloud computing, and looking at the many more-granular topics, which are all part of the cloud phenomenon. This follows the pattern observed with other similarly broad labels, such as "the Internet" and "the Web."

Cloud computing, which itself is represented as a point on the Hype Cycle, is approaching the Trough of Disillusionment. One reason for this is simply cloud fatigue, as the hype surrounding cloud has been present for many years and does not appear to be going away anytime soon. A major reason for this fatigue is "cloudwashing" (painting anything and everything with the cloud term). Vendors and users alike continue to confuse and abuse the term. Vendors use it to sell whatever they have, while users use it to justify investments in projects (such as private cloud). Hosting solutions that have a subscription pricing model, but without shared elastic capabilities, are also being called "cloud." Virtualized automated data centers, often lacking even basic self-service

Gartner, Inc. | G00263850 Page 3 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

capability, much less elasticity (difficult without sharing) and scalability, are called private clouds. As "cloud" is used to apply to an ever-widening set of external services, without regard to the other characteristics that set cloud apart, the term becomes even more unclear. Companies may buy these cloud services and then be surprised to find that they do not get the agility and potential cost savings that they may have expected by moving to what they believe is cloud computing.

Another reason for cloud approaching the Trough of Disillusionment is that, any time there is the slightest cloud outage, headlines announce it. While failures are rare, they affect potentially many and generate high-visibility news. In addition, security and privacy concerns, exacerbated by government surveillance and nationalistic tendencies, continue to cast a cloud over the cloud.

Although cloud computing is approaching the Trough of Disillusionment, it remains a major force in IT. Users are changing their buying behaviors, and although it's unlikely they'll completely abandon on-premises models or soon buy most complex, mission-critical processes as services through the cloud, there is increased interest in agility and innovation as digital business beckons. The transition to digital business can benefit from taking advantage of capabilities that are not easily provided elsewhere.

While the hype has peaked, there is still a tremendous amount of hype around cloud computing. Every IT vendor has a cloud strategy, although many aren't cloud-centric (and sometimes are heavily cloudwashed, with nonelastic contracts obviating cloud benefits). Variations, such as private cloud computing and hybrid approaches, compound the hype and reinforce the fact that one entry on a Hype Cycle cannot adequately represent all that is cloud computing.

Our continued research on cloud computing looks broadly at the big picture, as well as the details of cloud computing and the many issues facing enterprises. With hype comes confusion. While cloud computing is at its core a very simple idea — consuming and/or delivering services from the cloud — there are many issues regarding the types of cloud computing and the scope of deployment that make the details not nearly so simple. Everyone has a perspective and an opinion, and although some aspects are coming into focus, confusion remains the norm. Many misconceptions exist around potential benefits, pitfalls and, of course, cost savings. Cloud is often part of cost-cutting discussions, even though its ability to cut costs is not a given. There are many reasons to talk about the capabilities enabled by cloud computing — agility, speed and innovation — and these are more often the desired and delivered benefits (as evidenced by Gartner CIO surveys, which show that agility accounts for 50% of the reasons for going to the cloud, versus 14% for cost savings). These are the potential benefits that can be overlooked if hype fatigue sets in. This Hype Cycle is a tool that people under pressure to buy into something that is useful, but not fully mature, can use to avoid awkward mistakes, while exploiting the advantages of cloud as quickly as possible.

This Hype Cycle identifies which aspects of cloud computing are still primarily in the hype stage, which applications and technologies are approaching significant adoption, and which technologies are reasonably mature. There continues to be a seemingly never-ending supply of new concepts that enter the market and are attempting to "piggyback" onto the cloud hype. There are many aspects of cloud clustered around the Peak of Inflated Expectations. Cloud computing itself is now significantly past the Peak of Inflated Expectations and approaching the Trough of Disillusionment.

Page 4 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Although the term "cloud computing" is relatively new, it incorporates derivations of ideas that have been in use for some time. Hosting, software as a service (SaaS) and virtualization are well- established and are being used in many ways. As a result, some uses of cloud computing are mature (such as SaaS, virtualization and infrastructure as a service [IaaS]), but outside that, maturity of many cloud-related technologies and concepts is spotty. Some concepts born in the cloud have begun to take on largely hyped lives of their own. For example, private cloud computing and platform as a service (PaaS) are now hyped as much as the term "cloud." Big data is also becoming a popular term and phenomenon. One term in particular, "hybrid cloud computing," is, in many ways, replacing cloud computing as an amorphous catch-all category that vendors (and users) are using as the overall umbrella term.

New on the Hype Cycle for 2014 is Web-scale architecture and cloud/client computing.

The Hype Cycle

This Hype Cycle covers a broad collection of concepts and technologies associated with cloud computing (see Figure 1). It is the sixth instance of this Hype Cycle.

Gartner, Inc. | G00263850 Page 5 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Figure 1. Hype Cycle for Cloud Computing, 2014

Innovation Trigger

Peak of Inflated

Expectations

Trough of Disillusionment Slope of Enlightenment

Plateau of Productivity

time

expectations

Plateau will be reached in:

less than 2 years 2 to 5 years 5 to 10 years more than 10 years obsolete before plateau

As of July 2014

Specialist Cloud Service Brokerages Cloud/Client Computing

Software-Defined Anything

Customization Brokerage

Cloud Security Standards Cloud API Management

Private PaaS

ADLM PaaS

Big Data

Enterprise Integration PaaS (iPaaS)

Cloud Management Platforms

Platform as a Service (PaaS)

Cloud BPM

Hybrid Cloud Computing

Personal Cloud Private Cloud Computing

Database Platform as a Service

IaaS+

Private IaaS

Cloud Testing Tools and Service

Cloud-Based Security Services Real-Time Infrastructure

Application PaaS (aPaaS)

Public Cloud Storage

Cloud Office Systems

Cloud Computing Cloud/Web Platforms

Enterprise Cloud Email Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Virtualization Sales Force Automation SaaS

Web-Scale Architecture

Cloud Integrated Infrastructure Services (CIIS)

Cloud MDM Hub Services

DevOps

Internal CSB

Cloudbursting

Cloud Service Brokerage

Browser Client OS

Cloud IMDG Services

Integration Brokerage

Container Frameworks

Hybrid IT

Source: Gartner (July 2014)

Page 6 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

The Priority Matrix

Most cloud computing technologies and concepts are more than two years from mainstream adoption, with some exceptions, such as certain types of SaaS (for example, sales force automation). Many cloud technologies and concepts will see mainstream adoption in two to five years. Some more impactful items include application platform as a service (aPaaS) and private cloud computing. Some technologies and concepts will take five to 10 years for mainstream adoption to occur (see Figure 2).

Gartner, Inc. | G00263850 Page 7 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Figure 2. Priority Matrix for Cloud Computing, 2014

benefit years to mainstream adoption

less than 2 years 2 to 5 years 5 to 10 years more than 10 years

transformational Virtualization Cloud Computing

Hybrid Cloud Computing

Platform as a Service (PaaS)

Big Data

DevOps

Internal CSB

Real-Time Infrastructure

high Application PaaS (aPaaS)

Cloud API Management

Cloud BPM

Cloud IMDG Services

Cloud Office Systems

Cloud Security Standards

Cloud Testing Tools and Service

Cloud/Web Platforms

Cloudbursting

Enterprise Integration PaaS (iPaaS)

Hybrid IT

Infrastructure as a Service (IaaS)

Personal Cloud

Private Cloud Computing

Private IaaS

Private PaaS

Public Cloud Storage

Specialist Cloud Service Brokerages

Cloud Management Platforms

Cloud Service Brokerage

Cloud/Client Computing

Software-Defined Anything

Web-Scale Architecture

moderate Sales Force Automation SaaS

Software as a Service (SaaS)

Browser Client OS

Cloud Integrated Infrastructure Services (CIIS)

Cloud-Based Security Services

Database Platform as a Service

Enterprise Cloud Email

IaaS+

Integration Brokerage

ADLM PaaS

Cloud MDM Hub Services

Container Frameworks

Customization Brokerage

low

As of July 2014

Source: Gartner (July 2014)

Page 8 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Off the Hype Cycle

In this iteration of the Hype Cycle for cloud computing, we do not include infrastructure utility services (IUS). As the service market matures in its recognition of cloud services, Gartner has defined IUS as a form of outsourcing, which is not a cloud service, and so it is on another Hype Cycle.

On the Rise

Web-Scale Architecture

Analysis by: Nathan Wilson

Definition: Web-scale application architecture focuses on designing software than can be rapidly modified to meet new business needs. Systems designed with good SOA architecture, extensible APIs and flexible models will increase their maximum development velocity. Horizontal scalability supports progressive deployment as well as the ability to expand to meet high throughput requirements.

Position and Adoption Speed Justification: Over the last few years, an increasing number of IT organizations have attempted to adopt Web-scale continuous flow development models. Many of these organizations have found that one of the early constraints that are limiting the flow of the new functionality is the architecture of the system. Web-scale architecture is a response to this reality. Gartner recommends that an organization achieve a moderate to high level of competency in project-level agile development before attempting a Web-scale continuous model. This limits the number of clients that are able to fully exploit Web-scale architecture.

This style of architecture is typically seen among advanced practitioners of Web-scale software development, placing Web-scale architecture very early in the Hype Cycle. Since Web-scale architecture is a critical part of successful Web-scale development, it is expected to reach the plateau at about the same time.

User Advice: Many of the principles of Web-scale architecture are based on well-established service-oriented architecture (SOA) and cloud-native design practices. Start to adopt the following architectural patterns to improve your software today, and to prepare for Web-scale development in the future:

■ Service-oriented architecture — Break software into modular pieces to reduce change conflicts.

■ Extensible and versionable APIs — Already an SOA best practice, this is essential to allow services to be deployed independently.

■ Agile architecture — The software design needs focus on building the most flexible design.

■ Basic availability, soft-state, eventual consistency (BASE) transactions — Moving from atomicity, consistency, isolation and durability (ACID) to BASE transactions will support horizontal scalability and allow for progressive deployments.

Gartner, Inc. | G00263850 Page 9 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Business Impact: In Web-scale architecture, Web-scale software is designed to support large and variable workloads by deploying it into an arbitrarily large number of cloud-based servers. The architecture allows for the safe upgrade of individual services and the interoperation of different versions of the same server to allow for the progressive deployment of new code across as set of servers. Progressive deployment allows for the early detection of operational issues of new software, and a quick and easy way to back out problematic changes.

The use of Web-scale application architecture patterns will enable the IT department to better keep up with rapidly changing business needs in most organizations today. To take full advantage of this responsiveness, the business will have to forge a new collaborative relationship with IT. Agile development has transformed the way the IT is done. Web-scale IT is increasing the scope and speed of this change. The role and goals of the application architect will have to change significantly to support this new model.

Benefit Rating: High

Market Penetration: Less than 1% of target audience

Maturity: Embryonic

Recommended Reading:

"The Impact of DevOps and Web-Scale IT on Application Development"

"The Impact of Agile on Application Architecture"

"Next Practices in Application Architecture: What We Learn From Big Web Sites"

Cloud Integrated Infrastructure Services (CIIS)

Analysis by: Yefim V. Natis; Lydia Leong

Definition: Cloud integrated infrastructure services (CIISs) offer integrated IaaS and PaaS capabilities. The degree of integration may vary, but includes the use of a single self-service portal and catalog, shared identity and access management, and unified billing. An application can efficiently span both environments within an integrated, low-latency network context. CIISs are typically offered by one vendor supporting the entire technology suite, though some partner components may also be included and integrated.

Position and Adoption Speed Justification: Both IaaS and PaaS are used as foundation services for application development and deployment. Since IaaS offers unfettered access to the underlying operating system (OS), it allows the customer to have full control over the environment, and thus can be used not only for cloud-native work, but also for retrofitting existing precloud middleware, applications and skills, as well as for hosting development and test stages of enterprise-internal software projects. It is also a preferred choice when the subscriber wants full control of the software infrastructure, cloud or otherwise. PaaS is designed primarily for new cloud application projects (development, integration and others), though the cloud-based PaaS (like CloudBees RUN@cloud or MuleSoft Cloud) are partly backward-compatible on software and skills as well. PaaS is the

Page 10 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

preferred choice for projects that value productivity and reduced complexity. Cloud-native PaaSs (like salesforce.com's Force.com and Dell Boomi) are new, typically high-productivity platforms with programming models used exclusively for cloud-native application projects. PaaS provides greater ease of management and may improve developer productivity, but the customer gives up some control over the full execution environment. Most organizations across different projects need services of all three types: IaaS for environments that are fully controlled by the customer (which will include most legacy migration or development/test projects), cloud-based PaaS for advanced cloud and hybrid projects, and the high-productivity cloud-native PaaS for rapid cloud outcomes.

Most cloud service providers enter the cloud services market with one category of service: IaaS, PaaS or SaaS, and over time tend to expand. SaaS naturally expands to PaaS to support extension and integration of their business offerings (for example, salesforce.com offered Force.com). IaaS providers expand to PaaS to broaden their services, attract new customers and increase subscribers' productivity. In some cases, IaaS providers directly integrate PaaS capabilities — for example, Amazon Web Services offers capabilities such as DynamoDB and ElastiCache — resulting in a CIIS offering. Other IaaS providers may have a separate PaaS offering; for instance, IBM has SoftLayer for IaaS and the Codename: BlueMix PaaS in preview, and CenturyLink has CenturyLink Cloud for IaaS and AppFog for PaaS. Over the last two years, the PaaS-first vendors have begun to offer their own IaaSs: Microsoft added Virtual Machines to Microsoft Azure, Google added Compute Engine to Google Cloud Platform and Oracle is planning a similar offering.

With PaaS vendors offering IaaS and IaaS vendors offering PaaS, the distinction between the two has become less pronounced. There is pure IaaS with users bringing their own middleware licenses, IaaS+ where users provision machine images that include middleware (as in Amazon Marketplace), managed PaaS where users provision middleware instances, but retain some access to the underlying infrastructure (as in Engine Yard), there are PaaSs where users provision opaque stacks of middleware service, but IaaS is utilized "under the hood" (as in Heroku), and finally there are PaaSs where opaque services do not require virtualization at all (as in Force.com).

The increasing availability of integrated IaaS and PaaS offered by some of the IT megavendors offers the opportunity for users to combine the different models of application infrastructure in a shared environment. Users may select a combination of an application platform as a service (aPaaS) with a DBMS deployed on a virtual machine (VM), or migrate an unchanged application to the IaaS platform and connect it to cloud in-memory caching services. Users can place some data in DBMSs on dedicated VMs for added protection, other data on a database platform as a service (dbPaaS) for efficiency and access both from applications on either platform. Furthermore, the limitations of a PaaS's restrictions may be partially overcome by deploying instances of that PaaS on VMs, as in Google App Engine's Managed VMs.

Although, today, such combined application arrangements in enterprise settings are rare, we expect them to gain significant popularity and adoption in the next 12 to 24 months.

User Advice:

■ Consider combined use of IaaS and PaaS when looking to assemble precloud applications and data with new cloud-native application projects.

Gartner, Inc. | G00263850 Page 11 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ When looking at the combined use of IaaS and PaaS, recognize that most vendors' competence is not equal on both sides and the maturity of the two offerings is not equal either. Carefully examine capabilities of all candidate services separately, without the assumption that all services of the provider are of the same maturity, functional completeness or quality of service.

■ Evaluate the degree of integration between IaaS and PaaS services. It can range from minimal to seamless and can produce substantial differences in productivity and costs of the project.

■ Use PaaS for pure cloud-native projects and IaaS for pure legacy migration projects. Consider the combination of IaaS and PaaS in other scenarios.

Business Impact: A flexible and efficient combination of IaaS and PaaS will offer enterprises a more natural ramp up to cloud computing and, consequently, will increase the rate and scope of adoption of cloud by mainstream IT.

A Web-scale CIIS will become a platform of choice for advanced software engineering projects because of its combination of power and productivity. All leading IaaS providers will aim to compete in this market.

Adoption of CIIS will likely establish new strategic relationships between the IT megavendors and enterprises. These new cloud-centric relationships will challenge the incumbents and may shake-up the IT industry leadership. New cloud-born vendors may enter and old enterprise giants may exit.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon Web Services; Google; IBM; Microsoft

Cloud MDM Hub Services

Analysis by: Bill O'Kane

Definition: Cloud master data management (MDM) hub services are either multitenant data mastering services offered as software as a service (SaaS) or for assembly and development as platform as a service (PaaS). MDM hubs are the physical result of an MDM implementation, and can take the form of multiple implementation styles.

Position and Adoption Speed Justification: At present, nearly all MDM software is implemented on-premises, and many industries (financial services, for example) are reluctant to place important, frequently-shared information (such as customer or financial master data) outside of a firewall. In addition, there is resistance to the idea that the governance and stewardship of one's primary information assets can be operated from outside of the firewall, even if the policy formulation itself remains work that takes place on-premises by business users. Privacy issues have also dampened adoption of SaaS in some regions such as Europe. However, on-premises MDM solutions are increasingly being integrated with SaaS-based business applications, such as those of

Page 12 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

salesforce.com, and various cloud-sourced data services (such as data quality or data integration as a service) that can help with on-premises MDM implementations. In addition, a few of the established MDM vendors have recently brought cloud versions of their MDM offerings to market in anticipation of future demand, generating increased hype, if not yet actual uptake.

Gartner is seeing an increase in interest in cloud MDM hub services in 2014 from end user organizations, although they are still a very small component of the overall MDM market spend. Less than 4% of our MDM inquiries in the previous year had a cloud-based element (up from 3% a year ago). Service providers and vendors, including Cognizant, IBM, Informatica, Oracle, Orchestra Networks, and Tibco are among those with cloud MDM hub services, though some of these offer less functionality than their on-premises counterparts. Several other MDM vendors, including Riversand Technologies and Stibo Systems, have cloud MDM hub service implementations — or offer such support only as a proof of concept — but are not aggressively marketing them. Finally, Dell Boomi (a leader in the integration platform as a service market) has also recently introduced a cloud MDM hub services offering, with no on-premises option.

User Advice: As cloud MDM hub services become more mature, and if you are an early adopter, consider implementing these solutions if you don't have the in-house skills, if funding out of operating expenses is more acceptable than out of capital expenses, and if the planned MDM capability is restricted in scope to mainly one functional group within your organization (or is initiative-specific and suited to a consolidation-style implementation mainly used for analysis and reporting purposes). If you are implementing an enterprisewide operational MDM capability that requires tight, real-time, potentially transactional integration with existing and new business applications, or that requires complex workflow and application interaction patterns, then execute the MDM solution on-premises or in a private cloud behind the firewall.

Organizations with complex requirements should not assume that they will significantly lower their total cost of ownership, or reduce complexity, by moving to cloud MDM hub services. However, organizations with tight capital budgets, those that have constrained IT resources, or those that want to deploy something simple quickly, should consider these services, as long as they mitigate their risks with appropriate governance controls.

Business Impact: The availability of cloud MDM services potentially offers organizations new funding models, deployment flexibility and improved time to value. However, in common with other cloud offerings, cloud MDM services may become more expensive as the years go by because the operating expense does not decrease in subsequent years. These services will also be potentially helpful to companies that do not have the IT resources to deploy and maintain on-premises software.

Cloud-based technologies often lead to greater fragmentation of the enterprise's software infrastructure and applications portfolio into a hybrid IT model. In contrast to the vision of an on- premises applications portfolio dominated by a single vendor's suite, many organizations are moving toward a hybrid mix of on-premises and cloud-based business applications. End-to-end business processes will, however, need to be optimized across these multiple platforms and systems and, because master data is the most heavily shared information in an organization, there is often a need to build a great deal of complex integration into the MDM system, the contributing

Gartner, Inc. | G00263850 Page 13 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

data sources and the end-to-end processes. Due to the level of complexity involved in a typical MDM implementation, best practices around cloud integration should be strictly followed. Organizations with sensitive data may well feel that master data can't be put in a public cloud, but a private cloud is fine because the data is effectively within the firewall. In either case, there are real benefits to be realized in the areas of rapid prototyping and development, reduced infrastructure costs, and the relegation of MDM software upgrades (which are often quite complex and risky) to the service provider.

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Maturity: Emerging

Sample Vendors: Cognizant; Dell Boomi; IBM; Informatica; Oracle; Orchestra Networks; SumTotal Systems; Tibco Software

Recommended Reading:

"The Impact of Cloud-Based Master Data Management Solutions"

"The Advent of Master Data Management Solutions in the Cloud Brings Opportunities and Challenges"

"Three Trends That Will Shape the Master Data Management Market"

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"Data in the Cloud: The Changing Nature of Managing Data Delivery"

Specialist Cloud Service Brokerages

Analysis by: Michele Cantara

Definition: Specialist cloud service brokerages (CSBs) — previously called pure-play CSBs — are service providers that combine some consulting, system integration and outsourcing capabilities with cloud services, while playing the roles of CSB aggregation, integration and customization brokerage that are central to their business models. Specialist CSBs are usually emerging vendors that design, implement and manage cloud-first solutions.

Position and Adoption Speed Justification: CSB is an IT role and business model in which a company or other entity adds value to one or more public or private cloud services on behalf of one or more consumers of that service via three primary roles — aggregation, integration and customization brokerage (see "Cloud Services Brokerage Is Dominated by Three Primary Roles"). A CSB enabler provides technology to implement CSB functionality, while a CSB provider supplies the people and methodologies to implement and manage CSB-related projects. A CSB may be a provider and an enabler at the same time.

Page 14 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Specialist CSBs are relatively new entrants into the services market and, for this reason, they are in a post-trigger position on the Hype Cycle.

Specialist CSBs are more likely to deliver cloud-first systems for customers, while established outsourcers and system integrators (SIs) are more likely to deliver enterprise-class systems. Enterprise-class systems see mobile, social and cloud as edge participants in the environment. They are designed for enterprise first, cloud and the rest last, as external requirements. Global-class applications, in contrast, are designed to be consumed as globally exposed services by other cloud services by their mobile and social counterparts, and to consume globally available mobile, social and cloud services. They are designed for cloud computing first, as the primary design objective (see "The Nexus Effect and How the Nexus of Forces Alters Established Architecture Models"). Specialist CSBs may assume any or all of the three CSB primary roles.

In many ways, the specialist CSB market is reminiscent of the early market for e-business service providers. New e-business consultancies, such as Answerthink, Breakaway Solutions and marchFIRST, were formed specifically to address market demand for Internet and e-commerce consulting in the late 1990s. Much more nimble and much more Internet-savvy than large, traditional IT service providers, the e-business consultancies capitalized on the demand for e- commerce. Low barriers to entry and investor appetite for Internet startups led to a proliferation of dot-com vendors (see "After Surviving the Dot-Com Meltdown, Is a 'Cloud Meltdown' Inevitable?"). Like dot-com startups in the late 1990s, specialist CSBs are ahead of many established outsourcers and SIs when it comes to intermediation in CSB aggregation, integration and customization (see "Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services Delivery").

Today, nimble and cloud-savvy specialist CSBs such as ActiveState, Appirio, Cloud Sherpas, eBuilder and Revevol are forming, because barriers to entry into the CSB market are so low and demand is so high. If e-business history repeats itself, the maturation of the specialist CSB market should also take roughly five years. This is approximately how long it took for the unique capabilities of the dot-com specialists to become an intrinsic part of most of the IT services we consume today. We can see early evidence of this in the adoption of specialist CSBs by more-established outsourcers and SIs that are acquiring pure-play CSBs in much the same way that traditional IT service vendors acquired or allied with dot-com consultancies a decade ago.

User Advice:

■ When cloud services are the center of a desired solution, use the CSB selection and evaluation criteria versus the traditional IT service criteria (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role"), because the CSB attributes address a different set of requirements.

■ Specialist CSB customers should plan for contingencies (for example, being prepared to take on the role of an internal brokerage or using alternative service providers), because the CSB model is relatively immature and the CSB provider landscape will continue to evolve during the next five years.

Gartner, Inc. | G00263850 Page 15 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Specialist CSBs are often the targets of acquisitions by larger Sis; therefore, CSB customers should beware of impacts caused when smaller specialist CSBs are acquired by larger firms.

Business Impact: Specialist CSBs have a "high" business impact for several reasons:

■ They offer accessible services to individual consumers, small or midsize businesses (SMBs) and large enterprises. This range of buyers is seldom served by traditional IT services providers exclusively. Normally, large, global SIs, for example, focus exclusively on enterprise-size organizations (1,000 or more employees) with complex company issues, where highly customized solutions are developed and managed from beginning to end. In contrast, smaller companies will directly deal with a local value-added reseller (VAR), individual cloud providers (such as salesforce.com, Google or Amazon), communications service providers (CSPs), or national or regional SIs acting as CSBs to manage all their cloud service needs. These smaller IT providers will handle the massive market opportunity represented by SMBs (fewer than 1,000 employees). The large IT providers are neither interested in handling them nor can typically service them profitably.

■ Like e-business startups, specialist CSBs signal an inflection point in the market where critical new skills (such as cloud intermediation) are being introduced, where they will be absorbed into and have lasting impact on mainstream computing capabilities and IT service delivery.

■ Although specialist CSBs are typically smaller, emerging vendors, they have demonstrated their ability to produce differentiated and lasting business value for SMBs as well as for large enterprise clients.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: 9 Spokes; AppDirect; Appirio; Atlantic Technology; Celigo; ComputeNext; Duncan; Gravitant; LTech; Nephos Technologies; Revevol; Skyvva; Standing Cloud; TrustWeaver; Zimory

Recommended Reading:

"A CIO Primer on Cloud Services Brokerage"

"Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services Delivery"

"Essential Provider Selection Criteria to Use When Outsourcing the CSB Role"

Cloud/Client Computing

Analysis by: David Mitchell Smith; David W. Cearley

Definition: Cloud/client computing inverts the model popularized by client/server computing decades ago. In client/server computing, the server primarily replied to requests made by the client.

Page 16 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

In cloud/client computing, the cloud acts as the coordination point and system of record, while applications span multiple clients — often simultaneously — and expose their capabilities via APIs and service interfaces. The client concept goes beyond devices and today centers on mobile.

Position and Adoption Speed Justification: Cloud/client computing incorporates computing aspects and concepts in two main areas: development- and architectural-focused and human- focused. The development and architectural issues include cloud native development, mobile architectures, multichannel and ensemble interactions, context aware computing, service-oriented architecture (SOA), Web-oriented architecture (WOA), Web/cloud platforms, cloud mobile back-end services, APIs and API management. The human-focused issues include personal cloud, user experience, consumerization, bring your own device and intelligent assistants. Some aspects of cloud/client computing are further along than others. Overall, the concept is relatively new. Cloud/ client approaches will be central to digital business and the Internet of Things.

User Advice: Assume that aspects of cloud/client computing (including, of course, cloud and mobile, but also Internet of Things and social) will drive most new projects. While "client" mostly means "mobile" today, it does not exclusively mean mobile or any particular device. Support for heterogeneous platforms and ensemble interactions will increasingly be a requirement. Organizations should seek out tools and technologies that facilitate multiplatform, heterogeneous environments, and those that ease movement of code between clients and cloud platforms. Architectural decisions should utilize SOA principles, applying newer, simpler mechanisms and lighter-weight technologies. Approaches need to utilize global-class concepts (e.g., treat internal as external) and will require different security and management models from traditional enterprise approaches. Even though the actual application will usually be back-end controlled, design should be person-centric and focused on the human experience, not simply back-end application functionality.

Business Impact: Cloud/client computing and its components enable next-generation digital business. First appearing in consumer scenarios, examples include multiroom DVR and other "follow me" capabilities. Reuse of existing skills and assets will help organizations advance beyond today's environments. Competitive advantages await those that are able to harness the capabilities client/cloud enables. Opportunities will also abound for those that provide tools that help in multichannel ensemble environments and span client and cloud platforms.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Apple; Google; IBM; Microsoft

Recommended Reading:

"The Top 10 Strategic Technology Trends for 2014"

Gartner, Inc. | G00263850 Page 17 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Software-Defined Anything

Analysis by: Philip Dawson

Definition: Software-defined anything (SDx) is a collective term that encapsulates the growing market momentum for improved standards for infrastructure programmability and data center interoperability driven by automation inherent to cloud computing, DevOps and fast infrastructure provisioning. As a collective, SDx also incorporates various initiatives like OpenStack, OpenFlow, the Open Compute Project and Open Rack, which share similar visions.

Position and Adoption Speed Justification: The trend to use the terminology "software defined" started with software-defined networking (SDN), which enables a separation of the networking logic and policies into software, from the individual devices. Because SDN separates the hardware and software, this potentially decouples the purchasing decision and may allow the adoption of generic hardware, which would become very disruptive. As SDx matures, the scope to extend this concept to servers and storage will grow as well. While SDx is cloud like, SDx does not generally include self-selection, metering and chargeback models.

Individual SDx terms range from embryonic to beyond the Peak, although the collective term is emerging. SDx is achieved through the concept of an infrastructure policy framework and interoperability through open APIs (although not necessarily standard APIs). Gartner takes this concept one step further in that the future of IT infrastructure will be model-based, with business KPIs (such as throughput, uptime, response time, input/output per second, etc.) driving the selection of infrastructure to meet the service needs, which in turn fosters repeatable engineering and a direct connection between business requirements and infrastructure. The goal of SDx is to abstract conventional, proprietary vendor hardware/software-specific implementations so that users have less lock-in and more vendor choice over time. Most SD initiatives start life as vendor-led strategies that encourage the creation of communities around proprietary interfaces, and true interoperability only follows as the market commoditizes. Relative maturity and the speed of evolution between different SDx definitions also vary widely.

SDx is seen by vendors as a way of abstracting infrastructure away from the software, management and high availability (HA)/disaster recovery (DR) characteristics of a given workload. Across the spectrum of SDx definitions, true standards and interoperability are weak, and mechanisms for defining and policing standards are only slowly emerging. Many vendor differentiation claims focus on basic infrastructure positioning or, at best, infrastructure and platform delivery. In order to achieve full potential, SDx messaging that is aimed at transforming hardware deployment must venture more aggressively into the application and software space. Some SDx definitions are more naturally suited to workload transformation. OpenStack, for example, defines APIs and functionality of the infrastructure and is supported by many vendors, thus delivering a standard interoperability layer that can counter Amazon APIs. An additional benefit of new APIs is that new applications can be written to bring new value at the automation layer. This will potentially create a whole new industry segment.

Meanwhile, it is very easy for some vendors to blur the distinction between different SDx definitions, or between an SDx definition and its "Open" stack counterpart. For instance, SDN and OpenFlow are closely related initiatives to drive more open networking standards; they are not analogous to

Page 18 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

each other. Similarly, OpenStack is an example of an SDx that will be supported by most relevant vendors, but many of them will seek to create alternative SDx approaches to benefit their own platform characteristics. Therefore, a vendor may be a nominal member of the OpenStack community, but in reality prefer its own SDx to OpenStack (to monetize it or enable greater technology lock-in). SDx definitions may also be thinly disguised variants of existing concepts; for instance, most of the implementations of software-defined storage (SDS) today are really variants of the storage resource management (SRM) concept that has been commonplace for a decade.

User Advice: SDx provides a way for vendors to leverage their installed base presence to drive broader ecosystem acceptance from users and partners in their own domains. In doing so, there is a danger that this defeats the purpose of greater substitutability and commoditization. Across domains, standards are patchy (and some will take years to evolve), but SDx represents a powerful set of trends that will become increasingly tangible over time — especially where they force vendor collaboration that benefits user choice and heterogeneity. Over time, as SDx matures, the development of standards that multiple vendors align with will drive broader infrastructure component choice and interoperability — likely to form vendor alliance ecosystems from their internal partnering, rather than being fully open in the medium term. Properly positioned and articulated, SDx will become the next level of differentiation, integration and management of infrastructure/platform positioning and needs across multiple vendors in a client portfolio.

Business Impact: As individual SDx technology silos evolve and consortiums arise, look for emerging standards and bridging capabilities to benefit your portfolio, but challenge individual technology suppliers to demonstrate their commitment to true interoperability standards within their specific domains. While openness will always be a claimed vendor objective, different interpretations of SDx definitions may be anything but open. Vendors of SDN (network), SDDC (data center), SDS (storage), SDC (compute) and SDI (infrastructure) technologies are all trying to maintain leadership in their respective domains, while deploying SDx initiatives to aid market adjacency plays. So vendors who dominate a sector of the infrastructure may only reluctantly want to abide by standards that have the potential to lower margins and open broader competitive opportunities, even when the consumer will benefit by simplicity, cost reduction and consolidation efficiency.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Cisco; EMC; HP; IBM; Intel; Microsoft; NetApp; Symantec; VMware

Customization Brokerage

Analysis by: Michele Cantara

Definition: Customization brokerage is one of the three primary roles (aggregation, integration and customization) for a cloud services brokerage (CSB). A customization brokerage is a service provider that adds layers of functionality to cloud services without modifying the actual cloud services. This could mean adding a new look and feel to the service, combining services, or layering

Gartner, Inc. | G00263850 Page 19 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

new data and process functions on top of those services. In practice, customizing a cloud service is difficult to do without some form of aggregation and integration.

Position and Adoption Speed Justification: CSB is an IT role and business model in which a company or other entity adds value to one or more public or private cloud services on behalf of one or more consumers of that service via aggregation, integration and customization brokerage (see "A CIO Primer on Cloud Services Brokerage"). A CSB enabler provides technology to implement CSB functionality, while a CSB provider supplies the people and methodologies to implement and manage CSB-related projects. A CSB can be a provider and an enabler at the same time.

Customization brokerage is characterized by the following:

■ It features new functionality through customized, refaced or recombined services. Layered additions to the functionality of the original service are provided through a new look and feel, as well as added processes and data.

■ The changes do not modify the implementation of existing cloud services. Existing cloud services are customized around their APIs, and the original underlying service implementation is not altered.

■ There is frequent use of platform as a service (PaaS) to create new, composite applications, analytics and reports that expand on the business logic in existing, underlying SaaS or business process as a service (BPaaS). For example, PaaS vendors who offer CSB-enabling business process management (BPM) technology — such as Appian, Fujitsu, OpenText and Vitria — act as a customization brokerage when they provide consulting and system integration services to create new cloud-centric composite applications and business processes from existing cloud services. (See "MarketScope for Business Process Management Platform as a Service.")

■ It can use a one-to-many delivery model where the CSB may customize one cloud service for many customers, or a many-to-one delivery model where the CSB aggregates and layers additional functionality on top of multiple cloud services to provide value to a single customer.

Of the three roles for CSB, customization brokerage is the most nascent, as organizations are initially focusing on accessing cloud marketplaces from aggregation brokerage and connecting cloud services through integration brokerage. (See "Integration Brokerage Offers Intermediation for Cloud Services Brokerage and B2B E-Commerce.") Most CSBs that play the role of customization brokerage are also providers of integration brokerage. The two roles often go hand in hand.

The prepeak positioning of customization brokerage and its long time to plateau reflect the new cloud-centric skills that CSBs need to develop. Currently, emerging specialist CSBs are more likely to have cloud-centric customization skills, while established outsourcers and system integrators (SIs) who act as CSBs are more likely to leverage their custom application development capabilities that are a predominant focus of enterprise-first cloud solutions. The market for specialist CSBs needs to mature and the sourcing behaviors of enterprises need to expand to include these new entrants for customization brokerage in order to reach the time to plateau in 5 to 10 years.

User Advice:

Page 20 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Consider customization brokerage if the primary focus of your solution is cloud-centric and involves multiple cloud services, and if traditional IT services (such as consulting, system integration, application outsourcing or business process outsourcing) are a secondary, rather than primary, focus.

■ Favor CSBs with metadata and model-driven platforms for customizing business processes, information and user experiences that match your organization's unique needs (see "Systems of Differentiation and Innovation Require Different Types of Model-Driven Application Platforms").

■ Look for CSBs with strong technology enablers for tailoring business processes, information and user experience governance, as well as service-level agreement (SLA) management and application service governance to meet your organization's specific requirements.

■ Select CSBs with strong technology platforms that enable shared business process visibility with users, IT, and selected service providers and that enable the CSB to see the impact of business process, information, user experience and SLA changes.

Business Impact: A customization brokerage addresses the concerns of potential cloud consumers who have reservations about using cloud services because of their perceived inflexibility. It also makes more functionality accessible to more buyers and can accelerate the time to solution. The advent of specialist CSBs that can use various technologies to produce differentiated customized business processes, information and user experiences, while still preserving the benefits of a one-to-many delivery model, will ultimately drive adoption of the CSB model.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Apigee; Appian; Appirio; Atlantic Technology; Cloud Sherpas; Covisint; EdgeCast; Exostar; Gravitant; Happiest Minds Technologies; LTech; Parallels; Revevol; Statera; Synnex; Tata Consultancy Services (TCS); Xignite

Recommended Reading:

"Four Best Practices for Customization Brokerage of Business Processes in the Cloud"

"2014 Strategic Road Map for Business Process Innovation in Hybrid IT"

"A CIO Primer on Cloud Services Brokerage"

"Cloud Services Brokerages Challenge Traditional IT Service Providers for Cloud Services Delivery"

"SaaS, BPaaS and CSB Need Three Capabilities to Innovate or Transform the Business"

Gartner, Inc. | G00263850 Page 21 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Cloud IMDG Services

Analysis by: Massimo Pezzini

Definition: Cloud in-memory data grid (IMDG) services are a form of PaaS that enables the implementation of a data grid in the cloud. A data grid is an in-memory, distributed and object- oriented transactional data store that can be partitioned across multiple clustered and replicated nodes. Thus, it is possible to store (in-memory) large amounts of data; in case of a node failure, the data in the associated partition is still available in the mirror nodes. Cloud applications primarily use these services to store transient data and for caching.

Position and Adoption Speed Justification: Cloud IMDG services help developers implement high-performance, highly scalable cloud applications by keeping in-memory, frequently accessed, typically read-mostly data.

A data grid stores objects (or key/value pairs) that can be retrieved by means of a primary key, and can be partitioned across multiple clustered nodes. Consequently, data grids store large amounts (theoretically up to exabytes, but up to several terabytes in real-life situations so far) of data (in some cases, across potentially hundreds of nodes and multiple [usually two or three] data centers). Each partition can be replicated in real time and in a transactional fashion on one or multiple (typically two) mirror nodes. Therefore, in case of a node failure, the data in the associated partition is still available in the mirror nodes and access to data can be parallelized, thus improving scalability. Applications don't need to know where the data is physically stored to access it. Replication and recovery from failover are automatically and transparently managed by the IMDG.

Cloud IMDG services (at times also referred to as "imdgPaaS") deliver the capabilities of on- premises IMDG products as PaaS, thus additionally providing the typical cloud services benefits: standardized self-service provisioning, pay per use, minimal IT operation burden on users, strong security and elastic scaling.

On-premises IMDGs have been available for almost a decade. The most popular products account for hundreds, if not thousands, of production customers. Their cloud counterparts have been available only for a few years, and their use for production deployments is limited. Usually, they support only the on-premises IMDG core features (i.e., partitioning, replication/mirroring and failover capabilities, as well as security, monitoring and multitenancy). The most advanced IMDG capabilities (for example, programmable containers, query languages, distributed processing, persistency mechanisms, eventing and cross-data-center replications) are not typically provided.

In several cases, cloud IMDG services are made available as a colocated component, often separately priced, of a broader PaaS offering that typically includes application PaaS (aPaaS), database PaaS (dbPaaS) and other capabilities. Colocation of cloud IMDG service in a broader PaaS is the optimal scenario to provide low latency/high performance for applications developed on that PaaS. Nonetheless, during the past 12 to 18 months, some providers have released stand- alone cloud IMDG services on the basis of the Memcached and Redis technologies, although Redis is often positioned as an in-memory NoSQL DBMS rather than an IMDG. Most cloud IMDG service providers (typically those based on open-source IMDG technologies) do not offer a cloud-enabled IMDG software for on-premises deployments.

Page 22 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Cloud IMDG services are primarily suitable for supporting distributed-caching and transient-data- storing scenarios (for example, shopping carts, session data), whereas their on-premises counterparts are also used in more sophisticated use cases (such as big data analytics, streaming analytics and support for database of record in business-critical applications). However, during the next three years, Gartner expects the leading IMDG providers to supply cloud services renditions of their products, typically in the context of broader PaaS offerings. This will augment the appeal of these services by progressively closing the functional gap between the on-premises and cloud- services offerings, and making them suitable to address some of the most advanced use cases that are currently supported by on-premises IMDGs.

User Advice: To support the implementation of Web-scale or mobile-enabled applications that serve a large community of users and that sustain high throughputs (up to tens of thousands of transactions per second) with low latency, application development managers should:

■ Adopt cloud IMDG services, preferably in combination with a colocated aPaaS and dbPaaS.

■ Give preference to cloud IMDG service providers supporting features comparable to those of on-premises IMDG products to get the most value from the investment.

Business Impact: Cloud IMDG services enable organizations (but also ISVs and SaaS providers) to retrofit (with minimal impact) established cloud applications to increase their performance and scalability, as well as to support development of Web-scale and mobile-enabled cloud applications. Thus, organizations can enhance the productivity of their business processes, speed operations, support low-latency requirements, improve user/customer/supplier/employee satisfaction and extend the reach of cloud applications to global user constituencies, while protecting investments in their established cloud application assets.

In combination with aPaaS, dbPaaS and other cloud services, cloud IMDG services enable organizations to develop Web-scale cloud-enabled transaction-processing-oriented applications — for example, global-class e-commerce, online advertisement, SaaS and social networks — that cannot otherwise be supported by classic aPaaS. Cloud IMDG enable these scenarios by also delivering the typical cloud benefits: self-service consumption, elastic-scaling, fast-project-start and operating expenditure (opex) approach.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon Web Services; Google; Heroku; Microsoft; Openredis (Amawaka); Rackspace

Recommended Reading:

"Taxonomy, Definitions and Vendor Landscape for In-Memory Computing Technologies"

Gartner, Inc. | G00263850 Page 23 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"In-Memory Data Grids Enable Global-Class Web and Mobile Applications (While Not Bankrupting Your Company)"

DevOps

Analysis by: Ronni J. Colville; Jim Duggan

Definition: DevOps represents a change in IT culture, focusing on rapid IT service delivery through the adoption of agile, lean practices in the context of a system-oriented approach. DevOps emphasizes people (and culture), and seeks to improve collaboration between operations and development teams. DevOps implementations utilize technology — especially automation tools that can leverage an increasingly programmable and dynamic infrastructure from a life cycle perspective.

Position and Adoption Speed Justification: DevOps doesn't have a concrete set of mandates or standards, or a known framework (e.g., ITIL or Capability Maturity Model Integrated [CMMI]), making it subject to a more liberal interpretation. For many it is elusive enough to make it difficult to know where to begin and how to measure success. This can accelerate adoption — or potentially inhibit it. DevOps is primarily associated with continuous integration and delivery of IT services as a means of providing linkages across the application life cycle, from development to production. DevOps concepts are becoming more widespread across cloud projects and in more traditional enterprise environments. The creation of DevOps teams brings development and operations staff together to more consistently manage an end-to-end view of an application or IT service. For some IT organizations, streamlining release deployments from development through production is the first area of attention; this is where most acute service delivery pain exists.

DevOps practices include the creation of a common process for the developer and operations teams; formation of teams to manage the end-to-end provisioning and practices for promotion and release; a focus on high fidelity between environments; standard and automated practices for build or integration; higher levels of test automation and test coverage; automation of manual process steps and informal scripts; and more comprehensive simulation of production conditions throughout the application life cycle in the release process.

Both Dev and Ops look to tools to replace custom scripting with consistent application or service models, improving deployment success through more predictable configurations. The adoption of these tools is not associated with development or production support staff, but rather with groups that straddle development and production, and is typically instantiated to address specific Web applications with a need for increased release velocity. To facilitate and improve testing and continuous integration, tools that offer monitoring specific to testers and operations staff are also beginning to emerge. Another challenge of DevOps adoption is the requirement for pluggability. Toolchains are critical to DevOps to enable the integration of function-specific automation from one part of the life cycle to another.

DevOps implementation is not a formal process; therefore adoption is somewhat haphazard. Many aspire to reach the promised fluidity and agility, but few do. IT organizations leveraging pace- layering techniques can stratify and categorize applications and find applications that could be good targets for adoption. We expect this bifurcation (development focus and operations focus) to

Page 24 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

continue for the next two years, but as more applications or IT services become agile-based or customer-focused, the adoption of DevOps will quickly follow. DevOps does not preclude the use of other frameworks or methodologies, such as ITIL. Incorporating some of these best-practice approaches can enhance overall service delivery.

User Advice: DevOps hype is beginning to peak among tool vendors, with the term applied aggressively and claims outrunning demonstrated capabilities. Many vendors are adapting their existing portfolios and branding them DevOps to gain attention. Some vendors are acquiring smaller point solutions specifically developed for DevOps to boost their portfolios. We expect this to continue. IT organizations must establish key criteria that will differentiate DevOps traits (strong toolchain integration, workflow, continuity, context, specificity, automation) from traditional management tools.

Successful adoption or incorporation of this approach will not be achieved by a tool purchase, but is contingent on a sometimes difficult organizational philosophy shift. Because DevOps is not prescriptive, it will likely result in a variety of manifestations, making it more difficult to know whether one is actually "doing" DevOps. However, the lack of a formal process framework should not prevent IT organizations from developing their own repeatable processes for agility and control. Because DevOps is emerging in definition and practice, IT organizations should approach it as a set of guiding principles, not as process dogma. Select a project involving development and operations teams to test the fit of a DevOps-based approach in your enterprise. Often, this is aligned with one application environment. If adopted, consider expanding DevOps to incorporate technical architecture. At a minimum, examine activities along the existing developer-to-operations continuum, and look for opportunities where the adoption of more-agile communication processes and patterns can improve production deployments.

Business Impact: DevOps is focused on improving business outcomes via the adoption of continuous improvement and incremental release principles adopted from agile methodologies. While agility often equates to speed, there is a somewhat paradoxical impact; and smaller, more frequent updates to production can work to improve overall stability and control, thus reducing risk.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Boundary; CFEngine; Chef; Circonus; Puppet Labs; SaltStack

Recommended Reading:

"Deconstructing DevOps"

"DevOps Toolchains Work to Deliver Integratable IT Process Management"

"Leveraging DevOps and Other Process Frameworks Requires Significant Investment in People and Process"

Gartner, Inc. | G00263850 Page 25 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"DevOps and Monitoring: New Tools for New Environments"

"Catalysts Signal the Growth of DevOps"

"Application Release Automation Is a Key to DevOps"

Container Frameworks

Analysis by: Lydia Leong

Definition: Container frameworks are a form of IT operations management software that provide management and orchestration for OS containers. Container frameworks offer APIs that allow the automation of container management, as well as integration into and extension of the framework. Frameworks increase the utility of OS containers by providing capabilities such as packaging, placement and deployment, and fault-tolerance.

Position and Adoption Speed Justification: OS containers — otherwise known as shared-OS virtualization — are not new technology, but interest is rising sharply as a result of the introduction of container frameworks; this interest comes primarily from application developers and those with a DevOps approach to operations. The most notable container framework is Docker, whose core value proposition is allowing easy and efficient packaging of applications into OS containers; it has become the nexus of the container-related ecosystem. There is also increasing interest in container frameworks that are focused on cluster management, such as Apache Mesos, the CoreOS "fleet" project, and Google's Kubernetes project, which are useful for orchestrating large-scale deployments of containers. Although there is a high degree of interest in and awareness of container frameworks in early-adopter organizations, the hype has not yet penetrated into more mainstream organizations.

Most use of container frameworks is focused specifically on Linux environments, where the OS container technology is relatively immature; the interest in container frameworks is accelerating improvements to Linux's shared-OS virtualization. Container frameworks themselves are extremely immature, and are evolving extremely rapidly. Almost no organizations use container frameworks in production environments today. Container frameworks are likely to remain an early-adopter technology for at least two years.

User Advice: Early-adopter organizations should begin exploring Docker as an alternative for packaging and deploying applications and their runtime environments, particularly when an application will be deployed into multiple environments that may not be identically configured. Docker should be viewed as a supplement to configuration management, not a replacement for it. As Docker integration is added to existing DevOps tools and to the service offerings of cloud infrastructure as a service (IaaS) and platform as a service (PaaS) providers, DevOps-oriented organizations should experiment with altering their processes and workflows to incorporate Docker. Organizations should also look at the emerging ecosystem around Docker, and other container frameworks.

Page 26 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

An organization may be a good candidate to explore cluster management frameworks in conjunction with OS containers as an alternative to a private cloud created with a cloud management platform such as OpenStack, if it meets the following criteria:

■ Is DevOps-oriented

■ Has either a large number of scale-out applications, high-volume scale-out applications, a microservices architecture, or large-scale batch workloads

■ Is willing to place these workloads in OS containers

■ Can assume trust between containers

■ Intends to use an API to automate deployment, rather than obtaining infrastructure through a self-service portal

In most cases, OS containers will not replace hypervisor-based virtualization technologies, such as VMware or KVM. Even when OS containers are used, hypervisor-based virtualization will often be used to enforce additional isolation for security purposes, and may be used to provide additional resiliency; in other words, OS containers will often be deployed within virtual machines (VMs).

Business Impact: Container frameworks make it easier to take advantage of OS container functionality, including providing integration into DevOps tooling and workflows. Each container framework, along with the tools integrated into that framework, provides a different set of functionality. Container frameworks typically take an application-centric view — the OS container is simply a convenient vehicle into which an application can be deployed. Large numbers of containers are typically easier to manage than large numbers of VMs, since multiple containers can share a single OS instance, thus reducing the scale of OS-related maintenance. Container frameworks aim to further improve this management efficiency by providing applications with an apparently homogeneous OS environment. Container frameworks should help improve both the productivity of DevOps engineers and quality via standardization and automation.

Container frameworks may be able to significantly improve resource utilization by increasing workload densities, while maintaining acceptable performance via intelligent workload placement and prioritization. OS containers can be rapidly provisioned and scaled, and the scaling units can be much smaller than a typical VM; thus, container frameworks with autoscaling capabilities can further improve utilization by dynamically allocating small increments of compute resources. This resource efficiency potentially leads to lower costs, especially when deploying applications into IaaS and PaaS offerings.

Benefit Rating: Moderate

Market Penetration: Less than 1% of target audience

Maturity: Embryonic

Sample Vendors: CoreOS; Docker; Mesosphere

Gartner, Inc. | G00263850 Page 27 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Internal CSB

Analysis by: Benoit J. Lheureux; Daryl C. Plummer

Definition: Cloud services brokerage (CSB) is an IT role and business model in which a company or other entity adds value to one or more (public or private) cloud services on behalf of one or more consumers of that service via three primary IT services roles: aggregation, integration and customization brokerage. Internal CSB is the application of the CSB role by internal IT organizations (as an alternative to external service providers) to IT projects that involve brokering a combination of public and private cloud services.

Position and Adoption Speed Justification: The internal CSB role is emerging as IT organizations respond to the growing need to improve the provisioning and consumption of distributed, heterogeneous and often complex cloud services across their company. It tends to emerge in companies where there is a desire to get ahead of cloud service demand and to govern, manage and offer an appropriate set of internal and external cloud services to meet that demand (see "A CIO Primer on Cloud Services Brokerage"). But as an alternative to outsourcing the CSB role, many companies will rely on their own internal IT organizations to establish an internal CSB role (see "Internal CSB Role Is Emerging Within IT Organizations").

The internal CSB role is responsible for dozens of nontrivial cloud services skills and capabilities, including, but not limited to, licensing, provisioning, security, management, risk, application integration, disaster recovery, support and compliance (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role"). CSB-enabling technologies from providers of technology are used to help implement the internal CSB role (see "Cool Vendors in Cloud Services Brokerage Enablers, 2013"). In addition, cloud management platforms offer CSB-enabling functionality (see "Market Guide for Integrated Infrastructure Systems Cloud Management Platforms"). Examples of high-impact CSB-enabling technologies used to implement internal CSB include but are not limited to:

■ Providers of CSB-enabling technology facilitating aggregation brokerage for large-scale cloud services provisioning such as AppDirect, ComputeNext, FullArmor, HP, IBM, Jamcracker, LuxCloud, 9 Spokes and Parallels (see "Manage Your Cloud Services With the Right Roles and Technologies")

■ Providers of cloud management platforms such as CloudSwitch, BMC Software, CA Technologies, HP, IBM, Microsoft and VMware (see "Market Guide for Cloud Management Platforms From Large Software and Emerging Vendors" and "Market Guide for Open-Source Software Cloud Management Platforms")

■ Providers of integration PaaS, such as Action, Dell Boomi, IBM, Informatica, Jitterbit, MuleSoft and SnapLogic, which support a range of application, data and service/API integration capabilities that enable real-time and batch exchange of messages and data between cloud services (and on-premises endpoints), thus facilitating process integration and application composition

■ Providers of application PaaS (aPaaS), such as salesforce.com, Microsoft, Google, Software AG, Progress Software, Red Hat, MIOsoft, WSO2 and CloudBees, which support development,

Page 28 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

runtime execution and life cycle management of cloud-enabled business applications as well as the core cloud capabilities such as self-service, multitenancy and fast scaling (see "Magic Quadrant for Enterprise Application Platform as a Service")

■ Providers of fine-grained API management capabilities such as Apigee, Intel (Mashery), SOA Software, CA Technologies (Layer 7), 3scale and Axway (Vordel) for use by companies and partners fulfilling the CSB role (see "Devise a Systematic API Management and Governance Strategy for Long-Term CSB Success")

■ Providers of business process management (BPM) platform as a service (PaaS) such as Appian, Fujitsu (RunMyProcess), OpenText Process Suite (Cordys), and Kofax offering technology that integrates processes, applications, and data across multiple cloud services, giving workers in multiple organizations better visibility into process performance and compliance

■ Providers across a wide range of technology focus areas, including cloud security (CipherCloud, Okta), federated help desk (Cisco [SolveDirect]), cloud services product management (Appregatta Technologies) and notification services (Twilio), just to name a few

Evaluating service offerings that comprise multiparty vendor ecosystems has traditionally been addressed in multisourcing integrator (MSI) research, which evolved out of the need for complex service integration requirements across a smaller number of multiple vendors in large, but stable, processing requirements (see "Essential Provider Selection Criteria When Outsourcing the Multisourcing Services Integrator Role"). The internal CSB role is emerging to address the more dynamic cloud environment, which can involve a larger number of more diverse and fast-evolving cloud providers.

A large proportion of cloud consumption is occurring within LOBs, which as least initially find it relatively easy to manage the various commercial (for example, agreements, billing and support) and technical (for example, security, management and provisioning) tasks associated with cloud consumption. However, as cloud consumption expands to multiple providers, these same organizations begin to discover that unilaterally managing multiple cloud services provider relationships becomes unwieldy. Companies with multiple LOBs in this situation lack economies of scale, and have no efficient way to enforce consistency or policy, for example, for security or integration. Thus, at some point, as cloud adoption increases (see "How to Determine When to Use a Cloud Services Brokerage"), companies in this situation move to adopt internal CSB.

User Advice: Consider internal CSB when:

■ Doing so is mandated as a required internal core competency, for example, for security or compliance

■ Doing so is perceived to better meet IT requirements, e.g., by reducing risk, time to deployment, project life cycle TCO, etc.

■ You already play a traditional IT shared-service role and you desire to expand this role with internal CSB skills and technology

■ No viable external CSB is available for your IT project requirements

Gartner, Inc. | G00263850 Page 29 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Use Gartner CSB evaluation criteria (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role") as the starting point for developing your own set of CSB requirements, and then establish your own shortlist of CSB skills — such as provisioning, security, integration — which you'll need to scale up cloud adoption.

Seek executive-level support to ensure the success of your internal CSB initiatives.

Business Impact: The business impact of internal CSB will be broad, significant and enduring because:

■ Cloud adoption will be broadly pervasive across industries and geographies, and a large proportion of cloud adoption will involve (more complex) hybrid cloud.

■ The CSB role involves dozens of new and nontrivial technical and commercial cloud services skills and capabilities.

■ Although most cloud initiatives are relatively simple, they often evolve into more complex projects that require aggregation, integration and customization.

■ Although some companies will outsource many tasks associated with the CSB role, many others will prefer that their IT organizations assume the role as they are closer to the lines of business and more able to work with them on their diverse requirements.

As LOBs increasingly bypass IT by unilaterally adopting cloud, the influence of many IT organizations — if no action is taken — will decline. By assuming the internal CSB role, IT organizations can help LOBs to be more successful in their cloud initiatives and, therefore, reassert a positive and influential role for IT in the company. For a variety of commercial and technical reasons, at least 30% of midsize to large enterprise IT departments will assume an internal CSB role and broker cloud services themselves (see "Predicts 2013: Cloud Services Brokerage").

Benefit Rating: Transformational

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: 3scale; 9 Spokes; Action Technologies; Apigee; AppDirect; Appian; Appregatta Technologies; Axway (Vordel); BMC; CA Technologies; CipherCloud; Cisco; CloudBees; CloudSwitch; ComputeNext; Dell Boomi; Fujitsu; FullArmor; Google; HP; IBM; Inc.; Informatica; Intel (Mashery); Jamcracker; Jitterbit; Kofax; LuxCloud; Microsoft; MIOsoft; MuleSoft; Okta; OpenText (Cordys); Parallels; Progress Software; Red Hat; salesforce.com; SnapLogic; Software AG; SOA Software; Twilio; VMware; WSO2

Recommended Reading:

"A CIO Primer on Cloud Services Brokerage"

"Internal CSB Role Is Emerging Within IT Organizations"

"Cool Vendors in Cloud Services Brokerage, 2013"

Page 30 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Cool Vendors in Cloud Services Brokerage Enablers, 2013"

"Predicts 2013: Cloud Services Brokerage"

At the Peak

Hybrid IT

Analysis by: Thomas J. Bittman; Daryl C. Plummer

Definition: A hybrid IT organization is a trusted broker for a broad range of IT services (including services provided by the IT organization and external providers) using both cloud computing styles (private, public and hybrid) and traditional styles of computing. Hybrid IT is an organizing principle for how an IT department operates to be both a provider of IT services and provide value-add to IT services provided by others. A hybrid IT organization manages multiple sourcing models that can change dynamically.

Position and Adoption Speed Justification: As interest and usage of cloud computing services from external providers has grown, large enterprises in particular are looking for ways to enable that usage, but with appropriate governance. Inquiries from Gartner clients on effective governance of cloud services have increased significantly since 2013. Technologies to enable brokering have been emerging, and a number of these technologies have recently been acquired by major vendors (for example, in 2013 Dell acquired Enstratius and CSC acquired ServiceMesh). Demand will continue to rise. Cloud computing provides a low barrier to entry but also enables uncontrolled and wasted use (also called "cloud sprawl"). Cloud providers themselves have little interest in making cross-service migrations or integration easy, which will increase the demand for an intermediary role. As cloud computing services mature, there will be a growing need for cross-service management, integration and aggregated hybrid cloud services, and appropriate compliance and security measures will need to be put in place. While demand is growing rapidly, the fundamental role of the IT organization and associated skills will need to change, shifting from "just" a provider role to the role of both provider and broker of IT services, which will keep hybrid IT from becoming mainstream very rapidly.

User Advice: A successful hybrid IT effort requires the IT organization to focus on three approaches to being a broker for services (including services from cloud providers): accelerating time to value (getting to the right solution quickly), adding value (customizing as needed, reducing overhead costs and effort and managing service levels, financials, problem management, etc.) and protecting the enterprise (in terms of security, compliance and providers that fail).

Actions that help create a hybrid IT organization include:

■ Creating a core competency center on provider capabilities, best practices and internal user feedback

■ Offering services through a central portal that provides a fast path to services and necessary service information

Gartner, Inc. | G00263850 Page 31 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Removing/reducing overhead efforts such as managing financials, dealing with problem management and overall provider relationship management

■ Eventually, completely abstracting the providers and sourcing styles behind a portal, allowing users to focus on their requirements rather than provider-specific requirements

These actions will require new skills and organization structures to be developed in IT, focused on service orchestration and provider capabilities and best practices.

Business Impact: A hybrid IT organization can help the enterprise leverage cloud computing services faster, more efficiently, and with managed and acceptable risk. As cloud computing use expands and matures, the requirements for security management, cross-service coordination, data sharing, service-level management and migration paths will grow to the point that enterprises without a hybrid IT organization will have serious competitive issues — delays in leveraging cloud providers quickly and effectively, redundant overhead costs placed on end users, inefficient use of cloud services and cloud provider failures that directly impact the business. Some enterprises — especially smaller ones — will choose to fill this intermediary role by outsourcing to external providers, boutique cloud integration firms and cloud system integrators (cloud service brokerages). Larger enterprises, on the other hand, should consider this broker role as a critical core competency that enables not just efficient use of IT services (internally and externally), but which can drive significant top-line growth through more competitive use of cloud services.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Recommended Reading:

"Hybrid IT: Delivering IT as a Provider and a Trusted Broker"

"Using Hybrid IT to Target Processes and Applications for Business Reinvention"

"2014 Strategic Road Map for Business Process Innovation in Hybrid IT"

Private PaaS

Analysis by: Gregor Petri; Yefim V. Natis

Definition: Private platform as a service (PaaS) is the rendition of PaaS with access by only the owner organization using dedicated access. Private PaaS may be deployed on-premises or remotely at a data center of the owner's choice. PaaS Frameworks and high-productivity cloud- enabled application platforms (CEAPs) are the enabling technology for private PaaS.

Position and Adoption Speed Justification: Most discussion of PaaS at this stage of cloud computing adoption is focused on the public cloud and a few particular types of the PaaS spectrum, such as application PaaS (aPaaS) and integration PaaS (iPaaS) — although many other

Page 32 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

forms of middleware capability are available as cloud services as well (see "Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013").

A growing number of IT organizations are looking to establish a private PaaS to benefit from the productivity and efficiency of cloud computing while avoiding the perceived risks of exposure to the public cloud: security, compliance, integrity, reliability, availability and performance; and other public cloud challenges, such as dependence on or lock-in to external service providers. Furthermore, external regulations and internal company policies can prevent organizations from entering the public cloud space for some or all projects, serving as another driver for establishing a private PaaS. When PaaS is used to create advanced systems of differentiation and innovation, some organizations see the private cloud deployment as a protection of the intellectual property (IP) invested in creating these unique systems. Other organizations simply don't like having a subscription relationship with a vendor without owning the software assets, and some prefer to control their IT direction in their own wholly owned data centers. Other drivers of private PaaS are the desire to reduce the cost of IT operations and standardize technology platforms, or to establish a seamless application model between private on-premises and public cloud-based deployments.

Cloud divides IT into providers and subscribers. In the case of the private PaaS, both belong to the same organization. However, the experience of the subscribers — if the private cloud is implemented correctly — is the same as when they subscribe to public cloud services. Private or public, the services are encapsulated and their internal implementation is hidden from the subscribers. Private cloud establishes in the IT organization the culture and the practices of a cloud service consumer — that is, reliance on the reuse of standard services and optimization of the use of resources through self-service and elasticity. Established as an encapsulated self-service offering, private PaaS can be a stage on the way to adoption of public PaaS, since the choice of public or private sourcing is made by the providers and is mostly or entirely invisible to the subscribers. The consequence is a hybrid cloud environment managed by an internal cloud service brokerage function. Private PaaS can be an enabling technology for companies that will adopt the internal cloud service broker roles of integration or customization.

Most IT organizations are not equipped to create a private PaaS "by hand" — implementing custom cloud management software that adds elasticity, self-service and other cloud characteristics to traditional middleware. Such projects are complex, require substantial internal expertise and are prone to errors and inefficiencies. Meanwhile, until recently, most vendor PaaS-enabling software, such as PaaS Frameworks or high-productivity CEAPs, was offered by small, unproven vendors and was largely proprietary. Most organizations therefore limited their private cloud investments to just the system infrastructure (IaaS) with traditional precloud middleware deployed over it. This IaaS plus middleware arrangement (IaaS+) is a step toward a private PaaS, but it does not deliver the implementation abstraction of PaaS.

Recent developments such as the establishing of the Cloud Foundry foundation, backed by some industry megavendors such as IBM, SAP and HP, as well as efforts by Apprenda, Red Hat, Google, WSO2 and others, have introduced new albeit limited private PaaS options. While few organizations have yet created a private PaaS environment using these new technologies, many are exploring possibilities to do so in the future, following the growing popularity of the notion of the private PaaS and its surrounding hype. As more organizations complete their real-world deployments, many

Gartner, Inc. | G00263850 Page 33 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

users are bound to be disappointed with the lower-than-expected productivity, ease of use and efficiency of the resulting environment. This will push the technology down toward the Trough of Disillusionment.

User Advice:

■ Invest in a private PaaS as a natural extension from private IaaS, adding more self-service, standardization, greater agility and productivity, centralized control and optimization of your middleware infrastructure.

■ To establish a private PaaS, select a PaaS Framework or a high-productivity CEAP offering that offers self-service at the middleware level with opaque (hidden) underlying system infrastructure. The system infrastructure (such as virtual machines [VMs] or physical machines) must be managed and visible only by the providers, not by the subscribers to the aPaaS services. Simply deploying middleware on VMs (IaaS+) will provide minimal cloud middleware service characteristics.

■ Give preference to PaaS Frameworks from vendors that also offer public PaaS services using the same software. This will simplify some of the future expansion, or transitioning to the public cloud.

■ Before moving to a public or private PaaS, make sure your IT environment is well-versed in service-oriented architecture (SOA). Adjusting to using cloud application resources is similar to building SOA services, because the cloud is an encapsulation of IT capabilities offered in large part through programmatic SOA-style interfaces.

■ Customers are advised to proceed with caution — speed can be gained and risk reduced by first exploring and understanding the use of public PaaS services before adopting a private PaaS strategy.

Business Impact:

■ Private PaaS enables organizations with severe concerns about public clouds' security and quality of service, or with the protection of the valuable IP in their systems of differentiation, to begin developing the progressive IT practices associated with cloud computing. But organizations must realize that this is not a trivial exercise and that it will require a lot more effort, skills and experience than subscribing to a public PaaS service.

■ For many mainstream IT organizations, the transition to cloud is a transformational change. IT organizations that adopt the private PaaS architecture will position themselves for higher degrees of efficiency in their IT operations, as well as improved standardization, productivity, agility and manageability of their information resources. They will be better prepared to adopt the hybrid combination of the public and private cloud to support current and future cloud- based business models, which will expand their technology utilization options and increase the scope of the available IT resources.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Page 34 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Maturity: Emerging

Sample Vendors: ActiveState; Apprenda; Corent Technology; Gnubila; MIOsoft; OrangeScape; Pivotal; Progress Software; Red Hat; Software AG; WSO2

Recommended Reading:

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"Magic Quadrant for Enterprise Application Platform as a Service"

"Magic Quadrant for Enterprise Integration Platform as a Service"

"What IT Leaders Need to Know About Application PaaS Models and Use Patterns"

"Now Is the Time for Mainstream IT Organizations to Understand PaaS"

"Gartner Reference Model for PaaS"

Cloud API Management

Analysis by: Paolo Malinverno

Definition: API management includes governing the life cycle of APIs, and setting and enforcing policies for their definition/design/usage by applications. API management is a subset of application services governance and significantly overlaps service-oriented architecture (SOA) governance. However, there are important differences, as APIs are only published to meet a specific application need (as opposed to companywide SOA — see "Govern Your Services and Manage Your APIs With Application Services Governance").

Position and Adoption Speed Justification: API management's basic functionality includes:

■ Creation and publication of an API that opens new business opportunities (or consolidates existing ones) and is easily consumable in a secure, process-like fashion by the developers being targeted. Features typically include API discovery, documentation, developer access provisioning and key generation, testing and collaboration through a developer's portal.

■ Operational management, security, format translation and the collection of statistics associated with the use of the API.

■ Support of API life cycle management (for example, versioning and packaging, or retirement).

Additional API management functionality or services — not everyone feels they need them, but, in general, they do — relate to:

■ The planning and design of value-generating APIs

■ The promotion of API usage, targeting all the developer communities that might be interested in it

Gartner, Inc. | G00263850 Page 35 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ The assessment of the real value of the API, which sometimes includes different models to monetize it

■ The instrumentation and analytics of using the API

API management offerings have been maturing for at least five years, but usage has really ramped up only in the past two years (largely because of the rise of mobile apps and the increasing influence of the Nexus of Forces). A lot of the APIs are B2B or B2C by nature, so these offerings are generally cloud-based managed services. Some SOA governance technology (part of application services governance) is run in the cloud, which — for the sake of this technology profile — is considered part of cloud API management services.

With digital business and the Internet of Things mounting as the next big trends, and the central role APIs will play as part of them, we have only seen the beginning of API management. Acquisitions in this space will continue to be commonplace, as larger players will want to buy themselves a slice in a rapidly growing market.

User Advice: The importance of APIs will increase steadily in the coming years. In addition to the megatrends just overviewed in the previous section, more and more B2B interactions will be API- based (see "Predicts 2013: Application Development"). Cloud services brokerages base their entire business model on Web APIs, and will increasingly need API management (see "Devise a Systematic API Management and Governance Strategy for Long-Term CSB Success").

In addition, corporate applications and mobile apps will be more API-based: consider software- defined architecture for application services to facilitate the management of application APIs and the introduction of light-weight virtual APIs for consumers. IT departments have less time and fewer resources to develop/buy/maintain all the applications their companies need. It is only going to get worse:

■ Users will increasingly demand personalized features.

■ More and more digital natives will be joining the company.

■ Mobile will keep pulverizing the current concept of application.

■ Different apps suit different users.

■ Digital business applications will have unprecedented agility requirements.

■ The number of channels is multiplying (bring-your-own-device adoption will explode this even further):

■ Web, tablets, smartphones, TVs, video game consoles, cars and more (for example, Google Glasses and, in general, Internet of Things devices).

■ Each one of them sports several technology platforms.

Companies will not be able to afford to provide different experiences for every user. As a result, IT departments need to package data and logic from the system or record applications they have today (and the few they will acquire/build in the next year or two) into APIs/services and find win/win

Page 36 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

scenarios where someone else — outside IT, and, frequently, outside the company — will build them into winning user experiences.

Start thinking about which APIs will enable innovative applications/apps/business scenarios and how they can open up new customer channels and new ways of doing business, then you will be thriving in what is being called the "API economy."

Business Impact: Cloud API management is useful for organizations publishing APIs to expand their reach to social, media, mobile and other emerging marketing communication channels. These organizations often need help planning, deploying and managing their API initiatives. It is also useful to the (frequently mobile application) developers embedding the APIs in their apps. A full-featured developer portal is — and increasingly will be — fundamental to drive API usage. As the number of public APIs grows, cloud services brokerages will offer more and more services built on top of them (according to the three CSB roles: aggregation, integration and customization), and will need sophisticated API management to scale their businesses properly.

APIs are new distribution channels. No CIO can ignore their business potential and the transformation they will cause in IT departments in the future. Because of the ubiquitous adoption of SOA and growing importance of mobile and IoT, API management is essential in a Web-scale digital business environment. Without it, organizations risk loss of productivity, efficiency and integrity of their information processes.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Emerging

Sample Vendors: 3scale; Apigee; Axway (Vordel); CA Technologies (Layer 7); IBM; Intel (Mashery); MuleSoft; SOA Software; WS02

Recommended Reading:

"Govern Your Services and Manage Your APIs With Application Services Governance"

"Devise a Systematic API Management and Governance Strategy for Long-Term CSB Success"

"How to Understand the Criteria for the 2013 Application Services Governance Magic Quadrant"

"Magic Quadrant for Application Services Governance"

"Predicts 2013: Application Development"

Cloud Security Standards

Analysis by: Jay Heiser; Rob McMillan

Gartner, Inc. | G00263850 Page 37 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Definition: The buyers and sellers of public cloud services need standardized system to assess provider security and continuity. Cloud security and risk standards consist primarily of a set of controls, and may additionally encompass questionnaires, discussion papers, references to other security standards, evaluation process guidelines, and approval and licensing of the evaluator.

Position and Adoption Speed Justification: Buyers of public cloud services require a checklist of items that can help ensure a provider's ability to maintain information confidentiality, integrity and reliability, and to restore data and service after a disaster. Formal and de facto cloud security standards are establishing the best practices for security and continuity. Formal third-party assessments based on either International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 or SOC2 are becoming the norm for enterprise-oriented cloud services. Several national governments have created cloud service frameworks to facilitate the buying of cloud services by their agencies.

ISO/IEC 27001 is an internationally accepted security standard that can be adopted by end-user organizations, and it is increasingly applied to the formal third-party evaluation of cloud service providers (CSPs). ISO/IEC 27017, influenced by Cloud Security Alliance (CSA) material, is being developed to supplement the generic ISO/IEC 27002 code of security practice with controls specific to cloud computing. Delayed until 2015, it will likely become a common element of formal ISO/IEC 27001 evaluations of CSPs. An additional formal international standard, ISO/IEC 27018, will address privacy in the public cloud.

The American Institute of Certified Public Accountants (AICPA) has updated its practices based on AT Section 101: Attest Engagements, of the attestation standards using the Trust Services Principles and Criteria. These AICPA standards are used by CPAs in the U.S. for reporting on the effectiveness of a service organization's operations and compliance controls. SOC 2 reports are increasingly recognized globally as being a suitable form of third-party evaluation for cloud service providers.

The U.S. government's Federal Risk and Authorization Management Program (FedRAMP) was created for the formal and ongoing evaluation of cloud service providers. A set of control standards for cloud service provider evaluation was released in late 2011. A related work from the National Institute of Standards and Technology (NIST), Special Publication 800-144: Guidelines on Security and Privacy in Public Cloud Computing, was published in December 2011. It provides an excellent summary of the unique technology and process issues impacting the risk of cloud service providers. FedRAMP is the most significant attempt to create a single third-party evaluation for the benefit of multiple cloud service buyers, but after two years of operation, fewer than one service a month have actually been evaluated.

The CSA was formed in 2009, and is positioned to become the organization with the most influence over international cloud security standards. With substantial global participation and events in multiple continents, the CSA currently has 19 different initiatives working on specific aspects of cloud security. Two templates are most important to cloud service buyers: the Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ). The Security, Trust & Assurance Registry (STAR) initiative has recently been positioned as a form of cloud security certification, based upon the successful undertaking of either a 27001 or SOC 2 evaluation that incorporates CSA controls.

Page 38 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Shared Assessments is an organization based on fee-paying members, providing a relatively mature body of vendor risk evaluation material. The Standardized Information Gathering (SIG) questionnaire was originally created by BITS, a consortium of American financial services firms, several years before the term "cloud computing" was coined. It has evolved into a complete suite of documents, standards and processes, including material that takes into account the unique risk aspects of cloud computing. Use requires a licensing fee.

User Advice: Cloud service buyers that desire the highest levels of assurance for cloud service security and reliability for the least cost and effort should use CSPs that have been verified through a standards-based third-party evaluation. Higher levels of assurance can be attained by requesting and thoroughly reviewing a copy of the formal report from the third-party evaluator.

If a formal third-party evaluation is not practical for smaller service providers, then the buying organization should at least ensure in writing that the CSP is meeting a minimum expected set of controls. Ask for a complete response to one of the published cloud risk questionnaires. Providers that refuse to comply can legitimately be asked why they would not want to meet current best practices for transparency. The SIG, CAIQ and FedRAMP templates are constructed in the form of yes-no questions; but in critical use cases, significantly better risk assessment information can be obtained by replacing the binary "Do you?" with "How do you?"

Organizations using ISO/IEC 27001 and ISO/IEC 27002 to populate questionnaires should consider incorporating material from the CSA. U.S. government agencies can start taking advantage of the available templates released from the FedRAMP process, but as of mid-2014, fewer than 20 services are FedRAMP-authorized.

Business Impact: The inconvenience of current risk assessment processes acts as an inhibitor on the cloud computing market, adding unwanted friction to what should be a relatively fluid market. Formal cloud risk evaluation is proving increasingly beneficial in reducing the market friction caused by concerns over security and the current lack of transparency. Although only a few buyers have access to services that could be considered to have undergone a "cloud computing security certification," ISO 27001 and SOC 2 are increasingly meeting this role. By 2015, Gartner expects to see multiple CSPs that have attained CSA STAR certification.

While buyers are becoming increasingly confident about "name brand" cloud service providers, smaller providers are using ever-more-complex chains of subproviders. If evaluating the risks associated with a single provider is difficult for a buyer, then it's virtually impossible to evaluate the risks of a multivendor service. Buyers are not the only ones that would benefit from a streamlined approach to provider evaluation. Investors and insurance underwriters will also be more supportive of cloud service providers as risk assessment practices become standardized.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Recommended Reading:

Gartner, Inc. | G00263850 Page 39 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Survey Analysis: Assessment Practices for Cloud, SaaS and Partner Risks, 2013"

"ISO/IEC 27001:2013 Shifts Focus From the Effectiveness of Controls to Risk Treatment Plans"

ADLM PaaS

Analysis by: Thomas E. Murphy

Definition: Application development life cycle management platform as a service (ADLM PaaS) solutions are defined as cloud-delivered tools designed to govern the development and delivery of software. These platforms combine core ADLM capabilities with extensibility based on Web protocols and delivery via cloud infrastructure. ADLM PaaS tools can support on-premises and cloud applications.

Position and Adoption Speed Justification: Although most ADLM tools are delivered for internal deployment, ADLM PaaS solutions have been available for several years and there is increasing visibility of the major players (such as HP, IBM and Microsoft). The number of solutions in the market is growing and we are seeing the Nexus of Forces (confluence of mobile, big data, cloud and social) impact how AD teams work. However, the market is still evolving, with a lack of widely supported standards for metadata models, a lack of standard service definitions and a wide span of solution types. Many of the vendors in the market are still relatively young; many are pre-public and maturing in their business models to support enterprise-scale use.

Successful platform providers are now seeing marketplaces form around their offerings, and consumers are experiencing the value of more rapid innovation as the community builds new functionality on the core platform. These markets bring new functionality to market faster and are also expanding the addressable market for the products. As the provider focuses on the IT core, third parties can create value into the extended organization (such as extending agile planning tools beyond the development team).

A hindrance to adoption is the ability to transition from current on-premises solutions into cloud- delivered solutions, because cloud solutions from traditional providers are often new products, or users will be transitioning from an existing vendor to a new vendor. At this point, most IT organizations are still focused on on-premises solutions for ADLM but we expect many to transition in support of distributed teams and a mix of in-house and outsourced labor. Integration is often the last area in which vendors invest and integration among tools is still uneven in implementation quality. As a result, these initial forays often have limited extensibility or support for integration to other cloud or on-premises toolsets. However, third-party integration middleware facilities are appearing (such as Tasktop Sync and Kovair Omnibus Integration Platform) that can tie together disparate ADLM solutions. Successful users will begin to establish the role of application development life cycle architect to define process and data model standards.

This focus on integration and extensibility will mean that current internal ADLM systems of record (such as requirements, test cases, defects and project management) will be enabled to create new systems of engagement that cross traditional role boundaries and enable greater team flexibility. Current tools have a variety of delivery models, but most of the initial offerings are being delivered via the public cloud, which currently hinders adoption. However, the appeal of DevOps practices

Page 40 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

will continue to propel adoption as teams look for improved ways to support distributed teams, and vendors will respond with additional solutions.

User Advice: Development organizations should explore ADLM PaaS solutions for small to midsize teams, especially where the user population may be dynamic and the focus is on agile methods. Distributed or virtual teams will value ADLM PaaS's simplification of user management and focus on collaboration. Ensure that you are comfortable with the data security and protection against loss, or that you are able to back up data to your location.

Focus on tools that integrate cleanly with your currently deployed ADLM tools and closely examine integration facilities pushing vendors for clarity on directions. Also, look for participation in standards efforts, such as Open Services for Lifecycle Collaboration (OSLC) and World Wide Web Consortium (W3C) Linked Data.

Organizations using PaaS and, especially, application platform as a service (aPaaS) are strong candidates for ADLM PaaS.

Recognize that integration of application life cycle processes starts with internal standardization of process and data (such as definitions for the defect remediation process, severity and priority). Establish an ADLM architect role to manage these definitions.

Business Impact: The primary impact of ADLM PaaS is the pressure it's putting on the market to create tools that enable integration across heterogeneous application development life cycle management tools and processes. ADLM initially started with a focus on single vendor stacks and integration that was API-centric. Cloud-delivered ADLM services are shifting the overall ADLM tools market to deliver platforms that use a message-oriented architecture and a Web architecture that supports distributed repositories, rather than a single monolithic repository. This fits the needs of most user organizations, where the elements of the ADLM stack (such as requirements management and quality management) have been acquired by individual teams (such as business analysts and the quality assurance team). ADLM PaaS solutions provide flexibility. Connecting disparate tools and their assets enables teams to realize the value that was initially promised with ADLM.

Closely matched to this is the adoption of agile methods. The ADLM PaaS solutions provide solid support and, by virtue of the delivery format, they tend to be well-designed for the collaborative nature of agile methods. This reduces the complexity of deployment and collaboration for teams, and enables organizations to more-readily scale agile practices and support geographically dispersed teams, taking advantage of labor rates and skills.

The business also benefits from ADLM PaaS via the reduced costs of provisioning and maintenance, as well as the flexibility to match with changing work structures and use internal (potentially distributed) workers, combined with outsourced or crowdsourced development. By moving tools toward a more collaborative and browser-delivered format, we believe that development and the business can become more tightly integrated. This will provide greater transparency into project status, as well as support the ability to collaboratively develop requirements and move efficiently through user acceptance testing.

Gartner, Inc. | G00263850 Page 41 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Emerging

Sample Vendors: Atlassian; CollabNet; Elementool; Enalean; GitHub; HP; IBM; Kovair; Microsoft; QMetry; Rally; Tasktop; VersionOne; Zephyr

Recommended Reading:

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"Magic Quadrant for Application Development Life Cycle Management"

"How to Choose ADLM Products as Mobile and Cloud Technologies Proliferate"

Enterprise Integration PaaS (iPaaS)

Analysis by: Massimo Pezzini

Definition: Integration PaaS (iPaaS) is a cloud services suite that provides a platform to support application, data and process integration projects, usually involving a combination of cloud services (that is, cloud-based applications or Web APIs) and on-premises systems. iPaaS delivers a combination of capabilities that are typically found in ESBs, data integration tools, B2B gateways, managed file transfer products and API management platforms. IT departments leverage these capabilities to develop, execute and manage integration interfaces in the cloud.

Position and Adoption Speed Justification: The iPaaS market emerged from the intersection of cloud services integration (CSI), mobile app integration (MAI), e-commerce B2B integration, API management, PaaS and traditional application and data integration middleware.

Several stand-alone iPaaS offering are available, but iPaaS functionality is also increasingly provided as an "embedded" feature in broader cloud services, such as SaaS and multifunction PaaS offerings. B2B integration specialists that deliver integration brokerage and cloud services brokerage sometimes provide iPaaS features as a component of their IT service offerings.

Several thousands of organizations, of all sizes and vertical industries, have so far adopted iPaaS offerings, attracted by their ease of use, low cost of entry and flexibility. The primary use case for iPaaS is CSI, but their use for publication and management of Web APIs, MAI and Internet of Things (IoT) scenarios is expanding quite rapidly. In addition, some organizations have adopted iPaaS as a complement to (but at times, also as a replacement for) traditional, on-premises enterprise service buses, B2B gateway software or data integration tools to support e-commerce B2B and on- premises application and data integration projects.

iPaaS was, for several years, a niche for specialist players, but the fast market growth has recently garnered the attention of established application infrastructure vendors. These companies have entered (or will soon enter) the market via acquisitions (for example, IBM's acquisition of Cast Iron

Page 42 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Systems), cloud renditions of their established platforms (for example, Actian, Informatica, MuleSoft, Oracle, Red Hat, Talend, Tibco Software and Software AG) or new developments (for example, from Microsoft and SAP). In parallel, iPaaS offerings have been evolving by incorporating process integration, API management, data quality and other advanced features.

Driven by the explosion of innovative and time-constrained digital business initiatives, and pushed by the marketing machine of the several powerful and credible vendors entering this market, iPaaS adoption will continue to grow quickly, both in SMBs and large organizations. However, adoption will be somewhat slowed by factors such as lack of trust in a new paradigm, market fragmentation (the number of iPaaS providers will keep increasing), the dubious viability of some pure-play providers, a relative lack of skills, and not yet well-crystallized industry best practices.

User Advice: Compelling iPaaS value propositions include financial and cost benefits (lower cost of entry due to the subscription-based pricing, lower IT operation costs), faster time to integration, greater ease of use than traditional integration middleware, and the consolidation into one platform of a range of capabilities that could previously be found only in multiple, discrete on-premises integration products.

Directors of integration and other IT leaders involved in defining and implementing integration strategies should look at iPaaS as a viable option for projects that are characterized by low budgets, severe time constrains, and informally defined and incrementally formulated requirements.

Therefore, IT leaders — especially those endorsing adaptive integration and/or evolving toward a bimodal approach — should adopt iPaaS to complement traditional middleware to support projects that address CSI, MAI, Web API enablement, e-commerce B2B and IoT integration. However, such a perspective will imply incremental complexity due to the additional skills that are required and the need to manage and federate different integration platforms.

Despite security and performance concerns, iPaaS may also be suitable for on-premises integration, especially for lightweight projects, for integration of remote locations (for example, branch offices and stores), and for SOA federation requirements. However, most iPaaS offerings may still prove inadequate for the most complex and demanding integration requirements, for which on-premises integration platforms still remain the most proven option.

For most large organizations, the coexistence of multiple iPaaS and traditional on-premises application infrastructures will be the norm. Therefore, IT leaders should plan to extend their skills and governance processes to make their established integration platforms work with iPaaS offerings, in the context of hybrid integration platforms and bimodal approaches to integration. For this reason, IT leaders should favor iPaaS vendors that support the notion of hybrid integration platform by providing on-premises deployment models for their offering, or those with a proven track record in working in combination with the most popular on-premises integration platforms.

Business Impact: By using iPaaS offerings, central IT departments and LOBs can quickly and cost- effectively integrate business processes that encompass cloud services and on-premises applications without acquiring, deploying and managing complex and expensive integration platforms. This will help IT leaders to:

Gartner, Inc. | G00263850 Page 43 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Reduce new SaaS application time to value

■ Increase business process efficiency

■ Integrate better and more deeply with business partners

■ Enable business innovation through mobile apps and IoT integration

■ Control on-premises integration IT costs

Through iPaaS, the state-of-the-art application and data integration technology that was used only by large organizations is now also accessible to midsize businesses, enabling them to improve the quality and agility of their business processes.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Actian; Dell Boomi; Flowgear; Fujitsu; IBM Cast Iron; Informatica; Jitterbit; Microsoft; MuleSoft; Skyvva; SnapLogic; Software AG; Talend; Tibco Software; WSO2

Recommended Reading:

"Magic Quadrant for Enterprise Integration Platform as a Service"

"Who's Who in Integration Platform as a Service"

"What IT Leaders Need to Know About Integration PaaS for Cloud Services Integration (and More)"

"What IT Leaders Need to Know About Cloud Services Integration: Proactively Address the Challenge"

"Adopt an Adaptive Approach to Effectively Support Rapid Integration Requirements"

Cloud Management Platforms

Analysis by: Milind Govekar; Ronni J. Colville; Donna Scott

Definition: CMP tools have specific functionality that addresses three key management layers — access management, service management and service optimization — that enable organizations to manage public, private and hybrid cloud services and resources.

Position and Adoption Speed Justification: A CMP must have the top three layers of a cloud services architecture (see "How to Build an Enterprise Cloud Service Architecture") but may not include all functionality within each layer. The minimum capabilities to be considered a CMP include the entire access management layer; the service catalog, provisioning and showback/chargeback functionality of the service management layer; and the orchestration and abstraction/integration functionality (for resource management and external service providers) in the service optimization layer. Over time, as the technologies and uses of it mature, we expect additional functionality to be

Page 44 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

added to the minimum to be considered a CMP. For example, we already see that most clients want to go beyond physical and virtual machine provisioning and enable provisioning of software and software stacks (private PaaS). Those clients would therefore require their CMPs to have configuration management functionality, either embedded or integrated with a third-party product.

Access management tier includes:

■ Self-service request interface

■ Programmable interface

■ Subscriber management

■ Identity and access management

Service management tier includes:

■ Vendor/contract/license management

■ Service catalog

■ Service model

■ Service configuration management, including service provisioning

■ Service-level management

■ Service availability and performance management

■ Service demand and capacity management

■ Service financial management, including metering, showback and billing

Service optimization includes:

■ Service governor (policy management and optimization engine)

■ Orchestration

■ Abstraction layer to external service providers and to resource management tier (internal/ external)

■ Federation

In addition to the three key layers of a CMP solution, another important capability needs to be considered: integration to external management systems using adapters (or the ability to leverage APIs). CMPs are adding more functional cloud service brokerage (CSB) capabilities (aggregation, integration and customization), particularly to provision, govern and manage workloads and services across multiple private and public cloud environments. For some IT organizations, private cloud has quickly shifted from IaaS to private-PaaS and in some cases desktop as a service (DaaS; for VDI environments). When the focus is private PaaS, CMP tools will need more rigor with service modeling and software infrastructure provisioning (middleware and database), and, in cases where

Gartner, Inc. | G00263850 Page 45 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

there is a DevOps focus, application release automation may also be required as an add-on. As a result, these IT organizations will move from a VM or workload orientation to a services (multitier) focus. Not all CMP tools offer a service-modeling capability that will enable the necessary mechanisms to define policies, security, costing and SLAs to manage the life cycle of the service. IT organizations will continue to be challenged to assess CMP solutions that vary greatly in the depth and breadth of their cloud management platform architectures. Over time, CMP consolidation will occur. This may involve rip and replace or integration and federation of CMPs.

CMP solutions provide a mechanism to manage the virtual infrastructure, whether private, public or hybrid, and some are now adding integration or connectors to traditional infrastructure provisioning automation. True hybrid implementations of cloud, and thus, CMPs, in end-user organizations are still very low and so CMP capabilities are still evolving in this area. The CMP market is composed of vendors from a wide variety of market segments:

■ Large ITOM vendors

■ Software infrastructure vendors

■ Emerging vendors

■ Integrated infrastructure vendors

■ Open-source vendors

User Advice: With the number of vendors continuing to grow, and the high market volatility due to a constant influx of new players and continued acquisitions, IT organizations should consider that:

■ Today's investments may need to be tactical (ROI of 24 months or less), especially with smaller vendors that may exit the market or be acquired, or when investments are made before a complete cloud computing strategy is developed. Larger vendors will also upgrade their functionality dramatically over a short period of time.

■ No vendor provides a complete CMP solution. Therefore, for some requirements, IT organizations may need to augment, swap out or integrate additional cloud management or traditional management tools.

■ Getting value out of your CMP will depend heavily on the degree of standardization your infrastructure, software and services offer. Highly mature organizations implement CMP in a relatively short time period (one to two years). However, less mature organizations may require three or more years in order to design effective standards and processes that are repeatable and automatable.

■ New roles may be required: for example, development skills in the infrastructure and operations organization, financial management and capacity management.

Business Impact: Enterprises will require CMPs to maximize the value of cloud computing services, regardless of whether they're external (public), internal (private) or hybrid. This means increasing agility, managing and governing the consumption of cloud services, lowering the cost of service delivery, reducing the risks associated with these providers and potentially reducing lock-in to underlying software infrastructure.

Page 46 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Adaptive Computing; BMC Software; CA Technologies; Cisco; Citrix; CliQr; CloudBolt Software; CloudStack; Convirture; CSC; Dell; Egenera; Embotics; Eucalyptus; HP; IBM; Microsoft; OpenNebula; OpenStack; Red Hat; RightScale; Scalr; VMware; Zimory

Recommended Reading:

"How to Build an Enterprise Cloud Service Architecture"

"How the Cloud Management Platform Market Shakeout Will Affect Buying Decisions"

"Market Guide for Cloud Management Platforms From Large Software and Emerging Vendors"

"Market Guide for Integrated Infrastructure Systems Cloud Management Platforms"

"Market Guide for Open-Source Software Cloud Management Platforms"

Cloudbursting

Analysis by: Donna Scott; Daryl C. Plummer; Neil MacDonald

Definition: Cloudbursting is the use of an alternative set of public or private cloud-based services as a way to augment and handle peaks in IT system requirements at startup or during runtime. Cloudbursting can span on-premises IT systems and services and the cloud, across multiple cloud providers or across multiple resource pools of a single provider. It can also be enabled across multiple internal data centers, across multiple external data centers, or between internal and external data centers.

Position and Adoption Speed Justification: For enterprise IT consumers, initial interest is to provide capacity for peak workloads from on-premises to cloud-based infrastructure as a service (IaaS), or to move less critical resources to a cloud provider to free up capacity for more critical on- premises workloads. Today, this usage scenario is often a manually initiated process (for example, push-button automation), but over the next two to three years, it will increasingly be automated through the use of triggers through the use of service governor technology for the following roles:

■ A provisioning time placement role

■ A runtime movement role

■ A runtime "expansion" role

The first is the easiest and requires the least governance intelligence. The second is harder, likely requires some downtime and will be less common. The third role will require applications that are

Gartner, Inc. | G00263850 Page 47 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

specifically written or adapted to cloudbursting, such as grid or high-performance computing applications and scale-out Web architectures that can disperse the work in parallel.

Many enterprises desire cloudbursting for their commercial scale-out Web applications, and some have implemented appropriate trigger rules and automation to scale the capacity; however, this is not commonly done. Barriers include inadequacy of root cause analysis tools, latency across data centers, security and networking configuration and automation. In addition, a vendor's licensing restrictions for OS and application movement may also inhibit the adoption of cloudbursting.

Standards for the seamless exchange of workloads, security and service-level agreement requirements between alternative providers have not yet matured. For this reason, automation of this process will initially be tied to a specific vendor's implementation, or will likely require migration/ conversion or, alternatively, the use of identical technologies in both locations.

Cloudbursting will not be limited to IaaS, although that is where most organizations will initially adopt this technology. Platform as a service (PaaS) and software as a service (SaaS) cloudbursting will also become viable during the next three to five years, built directly into application platforms. We are already seeing early versions of PaaS enablement of elasticity (in the same resource pool, but not yet across resource pools or data centers).

A key challenge to cloudbursting is an understanding of the application architecture and associated constraints, which will slow adoption. For example, which IT service tiers could take advantage of additional capacity, how near or far away should the data centers be physically located and how would the data be accessed? For example, network latency could make cloudbursting impractical if, for example, it increases customer response time and negatively impacts the user experience. In addition, if data is required in the alternative location, steps would have to have been taken to replicate the data to the bursting data center in advance, increasing the complexity and cost and reducing the potential benefits of a cloudbursting implementation. For that same reason, runtime movement of applications between data centers is inordinately complex with respect to the data issues, and rarely undertaken. While we do see some cloudbursting or horizontal scale of capacity from one data center/provider to another, it is still immature and requires significant technical infrastructure and security skills to implement. As a result, provisioning time selection of data centers and providers will continue to be the more typical use case for early adopters.

User Advice:

■ Assess which applications will get value from cloudbursting and whether they meet technical criteria and constraints for implementation (such as whether they are designed to be distributed, network latency, data access/replication, etc.).

■ Incorporate cloudbursting into the IT service designs of workloads with highly variable levels of utilization to address peak periods of usage without having to overprovision on-premises-based IT systems. Recognize that implementation will require development and integration skills both to enable bursting (e.g., security, IP addressing, provisioning, etc.) as well as to trigger the increase or decrease in capacity, and to write the automation to perform the implementation.

Page 48 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Consider cloudbursting as a means to broker service delivery through many internal and external resources, for example, through cloud management platforms that will provision to the right provider/data center based on rules and policies.

■ Explore the use of cloudbursting with IaaS, but also evaluate PaaS and SaaS vendors on their ability to provide such capabilities.

Business Impact: Cloudbursting reduces the cost of provisioning IT systems for peak workloads (such as the holiday season or the quarterly close process) or overall peak capacity. It enables alternative providers' systems to be used as overflow for on-premises or cloud-based systems.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon; Bracket Computing; HP; Red Hat; RightScale; ServiceMesh

Recommended Reading:

"Unready for the Future: Discarding Outdated Application Architecture Assumptions"

"Five Cloud Computing Trends That Will Affect Your Cloud Strategy Through 2015"

Platform as a Service (PaaS)

Analysis by: Yefim V. Natis

Definition: A platform as a service (PaaS) offering is middleware capabilities offered as cloud services. There is a variety of types of middleware on-premises and Gartner tracks multiple types of PaaS, including application platform, integration, business process management, business analytics and database PaaS. Most of the early attention has been on the public renderings of application PaaS like Force.com and App Engine, but more recently, other forms of PaaS and the private PaaS are emerging as subjects of strategic planning and investment.

Position and Adoption Speed Justification: PaaS is the smallest of the three key cloud computing markets (others being infrastructure as a service [IaaS] and SaaS). It is the least deployed and generates the least revenue. PaaS is often confused with middleware deployed on IaaS (IaaS+) and it is typically underestimated as just the application platform as a service (aPaaS). The limited direct exposure and confused perceptions by the IT organizations, coupled with sometimes misguided investment in PaaS by the IT industry megavendors, create the environment of hype and confusion around PaaS.

Various recent developments, however, are contributing to the growing trend by mainstream IT organizations to begin strategic planning that includes adoption of private, public and hybrid PaaS. These developments include the growing adoption of the integration PaaS (iPaaS) for cloud service integration (driven by the fast-growing adoption of SaaS), the emerging Cloud Foundry Foundation

Gartner, Inc. | G00263850 Page 49 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

that's backed by many industry megavendors and large user organizations (an apparent attempt to establish an early PaaS "standard") and fast-growing interest in private PaaS (enabled in part by the growing maturity of cloud management platform and some PaaS framework offerings).

A combination of colocated IaaS and PaaS is emerging as a growing architecture for cloud application infrastructure. Most IaaS vendors are adding PaaS capabilities for customers that look for greater productivity, but some notable PaaS-first vendors, such as Microsoft and Google, have added full IaaS support, recognizing that most customers seek a combination of the characteristics of IaaS and PaaS — high degree of control of dedicated resources versus higher productivity and efficiency of a shared platform. Given the size and momentum of the IaaS market — the combined use accelerates the adoption of PaaS.

Growing adoption of SaaS and IaaS also helps promote the virtues of PaaS: Users of SaaS need to extend and integrate those services and turn to aPaaS (such as Google App Engine or salesforce.com Force.com) or iPaaS (like Informatica and Dell Boomi); users of IaaS often wish for higher productivity for the infrastructure management and administration and upgrade to PaaS platforms. The components of the Nexus of Forces also contribute to the growing adoption of PaaS: Analytics platforms that utilize cloud big data sources tend to be offered as cloud services (such as 1010data and Tibco Jaspersoft); many mobile applications look for a chance to manage the data on the server and give strength to the market of cloud mobile back-end services (such as appMobi and Appcelerator); the popular approach of using cloud for development and test of applications propels the cloud application development and life cycle management services (such as Sonatype and Soasta).

The variety of different categories of PaaS (xPaaS) specialties and the continuing uncertainty in PaaS strategies of some IT industry megavendors keep PaaS at high levels of confusion and hype in the overall IT marketplace, but the growing hands-on experience by many IT organizations begins to push the market toward the reality of the capabilities and limitations of its many technologies, architectures and competing vendors.

User Advice:

■ Recognize that PaaS can provide application platform, integration, business process management, portal, database management, in-memory data grids, event processing and other middleware services. The PaaS market can be as diverse in functionality as the traditional middleware market, but no vendor offers a comprehensive all-inclusive and integrated PaaS offering. Examine available PaaS functionality against your project requirements when evaluating PaaS offerings.

■ Build applications using PaaS to gain expertise in this important emerging area of technology. The applications built using today's PaaS should be designed for ROI within the next two to three years, to provide organizations with the flexibility to transition to more mature PaaS offerings as they emerge. Massive projects that cannot deliver ROI in a limited time should either not be committed to PaaS at this time or should be divided into smaller components, some of which may be built on PaaS.

Page 50 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Consider aPaaS for developing cloud-native applications. Consider iPaaS for cloud service integration. Both categories of PaaS are growing fast and are central to the successful transition of IT organizations to cloud and hybrid computing.

■ Give preference to vendors that are more likely to accumulate multifunctional PaaS offerings when engaged in long-term planning. Unlike on-premises — where users can take a best-of- breed approach to selecting component technologies from different vendors — in the cloud, the winning scenario will be where many platform requirements of an application are provided in one data center network by one cloud provider.

Business Impact: A prerequisite for leadership in software infrastructure markets has been a vendor's ability to take a leading role in establishing the prevailing programming models and architectures for software developers. This role enabled vendors to build ecosystems of partners, and the leading ecosystems amounted to sustainable industry leadership. Analogously, leadership in the PaaS market will require leadership in the evolution of standards, architectures and best practices in cloud application platforms and application services. IT megavendors, such as Google, HP, IBM, Microsoft, Oracle, salesforce.com and SAP, are strategically invested in this market.

During the next five years, reliable and functionally rich PaaS offerings from industry-leading providers will alter the business of engineering, integrating and delivering software to enterprises and consumers. A mature, functional, always-on, high-productivity PaaS will form the foundation for a wave of innovation in business application services, as independent software vendors turn their engineering efforts to these platforms. Beyond that time frame, new levels of agility, resource sharing, ubiquitous access, quality of service and the productivity of software engineering will change the way IT organizations plan and develop software, the kinds of skills they'll require, and how they'll be managed, evaluated and budgeted. The cloud-native PaaS will lead to new cloud- native business applications that cannot be delivered at justifiable costs today.

With PaaS, enterprise IT has an opportunity to refocus from the responsibility for software infrastructure to some differentiated business services and to become more responsive to business demands; however, the cost of IT will not decline. Instead, it will be rearranged, with more spending going to cloud service providers and brokerages, and more internal IT spending on the composition of user-facing business solutions, management and integration. Full-scale internal custom engineering will be limited to highly differentiating specialized application systems, typically anchored on data that, for one reason or another, must remain on-premises. Many businesses will become not only consumers but also providers of cloud services, expanding their IT perspective from inward-looking enterprise-class to outward-facing global-class architectures. Hybrid computing will become the norm, challenging architectures and organization of enterprise IT.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Gartner, Inc. | G00263850 Page 51 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Sample Vendors: 1010data; Amazon Web Services; Apigee; Appian; CloudBees; Covisint; Dell Boomi; Google; IBM; Informatica; Microsoft; Numenta; Pegasystems; Progress Software; salesforce.com; SkyGlue; Soasta; Software AG; Tibco Software; WSO2

Recommended Reading:

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"Now Is the Time for Mainstream IT Organizations to Understand PaaS"

"What IT Leaders Need to Know About Application PaaS Models and Use Patterns"

"Gartner Reference Model for PaaS"

Cloud Service Brokerage

Analysis by: Benoit J. Lheureux; Daryl C. Plummer

Definition: Cloud service brokerage (CSB) is an IT role and business model in which a company or other entity adds value to one or more (public or private) cloud services on behalf of one or more consumers of that service via three primary roles: aggregation, integration and customization brokerage. A CSB enabler provides technology to support the implementation of CSB, and a CSB provider offers combined technology, people and methodologies to help companies implement and manage public or internal cloud-related IT projects.

Position and Adoption Speed Justification: As cloud services and their use via public and private cloud consumption proliferate, cloud consumers are seeking help to simplify and improve cloud consumption across multiple providers and services. CSB delivers three primary facilitating roles to improve cloud consumption: aggregation, integration and customization brokerage (see "A CIO Primer on Cloud Services Brokerage"). Many users that need help will rely on external service providers (see "Service Provider Primer: Cloud Services Brokerage"). Others — often lines of business — will seek help from central IT, which will respond by implementing an internal CSB role (see "Internal CSB Role Is Emerging Within IT Organizations").

Examples of IT providers adopting the CSB role in various ways include, but are not limited to:

■ Outsourcers and system integrators (for example, CSC, Deloitte, Fujitsu, HP, IBM, Infosys, Tata Consultancy Services, and Wipro): Such providers are leveraging their skills in all three primary CSB roles, investing in multitenant cloud architectures (see examples of CSB-enabling technologies below) and offering cloud-centric service offerings for cloud-centric IT projects.

■ Specialist "cloud-first" CSBs (for example, Appirio, Bluewolf, Celigo, Cloud Sherpas, LTech and Statera): Such providers are focused on cloud-centric projects, have cloud-native IT infrastructure (for example, often incorporating integration platform as a service [iPaaS]), provide professional and consulting services, and often revolve around a partner cloud ecosystem (for example, salesforce.com, ServiceNow, SuccessFactors, Workday or Google).

■ Providers of iPaaS are also doing integration brokerage (for example Actian, Dell Boomi, IBM WebSphere Cast Iron, Informatica, and Jitterbit and MuleSoft and Actian [Pervasive]): Most of

Page 52 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

these providers primarily focus on delivering iPaaS functionality for companies and partners that will do cloud service integration themselves using their solution, but sometimes they also do consulting and integration fulfillment themselves.

■ B2B/e-commerce providers (for example OpenText [GXS], IBM [Sterling Commerce], Liaison Technologies and SPS Commerce): Such providers leverage their mature B2B integration competency from doing traditional B2B/e-commerce projects, and reapply those skills to cloud service integration projects, which turn them into providers of integration brokerage.

■ Providers of business process services (for example, Atlantic Technologies, BlinkHR by ExpertMarkets and E2open): Such providers deliver business process outsourcing (BPO) for specific processes (for example, vendor-managed inventory [VMI], returns logistics) that heavily leverage cloud-centric infrastructure, including all three primary CSB roles, and are process- model-driven.

■ Evolving IT distributors/resellers (for example, Arrow, Ingram Micro, Nervogrid, Synnex and Tech Data): Such providers are focused on creating an easy to consume model for their downstream channel partners (value-added resellers) with SaaS, IaaS and PaaS services. They are initially investing heavily in CSB aggregation via a single sign-on "marketplace."

■ Communication service providers: Such providers supply CSB especially as a way to offer IT services to SMB companies, often in conjunction with the data center and outsourcing services they provide to enterprise customers. Examples include Orange, KPN, Deutsche Telekom, SingTel, Comcast and Bell Canada.

Various IT providers also deliver various forms of CSB-enabling technology. Such technologies are utilized both by external service providers of CSB, as well as by companies where IT — via the internal CSB role — is the provider of CSB. Examples include:

■ Providers of CSB-enabling technology facilitating aggregation brokerage for large-scale cloud service provisioning, such as AppDirect, ComputeNext, FullArmor, HP, IBM, Jamcracker, LuxCloud, 9 Spokes and Parallels (see "Manage Your Cloud Services With the Right Roles and Technologies").

■ Providers of cloud management platforms such as Verizon (CloudSwitch), BMC Software, CA Technologies, HP, IBM, Microsoft and VMware — see "Market Guide for Cloud Management Platforms From Large Software and Emerging Vendors," and "Market Guide for Open-Source Software Cloud Management Platforms."

■ Providers of integration PaaS, such as Actian (Pervasive), Dell Boomi, IBM, Informatica, Jitterbit, MuleSoft and SnapLogic, which support a range of application, data and service/API integration capabilities that enable real-time and batch exchange of messages and data between cloud services (and on-premises endpoints), thus facilitating process integration and application composition.

■ Providers of application PaaS (aPaaS), such as salesforce.com, Microsoft, Google, Software AG, Progress Software, Red Hat, MIOsoft, WSO2 and CloudBees, which support development, runtime execution and life cycle management of cloud-enabled business applications as well as

Gartner, Inc. | G00263850 Page 53 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

the core cloud capabilities, such as self-service, multitenancy and fast scaling (see "Magic Quadrant for Enterprise Application Platform as a Service").

■ Providers of fine-grained API management capabilities such as Apigee, Intel (Mashery), SOA Software, CA Technologies (Layer 7 Technologies), 3scale and Axway (Vordel), for use by companies and partners fulfilling the CSB role (see "Devise a Systematic API Management and Governance Strategy for Long-Term CSB Success").

■ Providers of business process management (BPM) platform as a service (PaaS) such as Appian, Fujitsu (RunMyProcess), OpenText (Cordys), and Kofax, offering technology that integrates processes, applications and data across multiple cloud services, giving workers in multiple organizations better visibility into process performance and compliance (see "MarketScope Business Process Management Platform as a Service").

■ Providers across a wide range of technology focus areas, including cloud security (CipherCloud, Okta), federated help desk (Cisco [SolveDirect]), cloud service product management (Appregatta Technologies) and notification services (Twilio), just to name a few.

CSB-facilitated cloud-centric projects are proliferating and, by 2017, companies worldwide will spend $141 billion on CSB-related IT services (see "Forecast: Public Cloud Services Brokerage, 3Q13"). Thus, client demand for information and advice on how and where to secure help in procuring CSB services, or how to establish internal CSB capabilities is growing. Given the growing user adoption and interest — and an increasing awareness that fulfilling the CSB role (either internally or via outsourcing) is nontrivial — we have moved this technology profile over and just past the Peak of Inflated Expectations, as users shift from general interest to more pragmatic implementation and begin to experience the challenges of assuming the CSB role. Most service providers and internal IT organizations have not yet achieved their full CSB potential, and there are still many lessons to be learned. Thus we anticipate more disappointment over the next few years that will drive CSB down into the Trough of Disillusionment.

User Advice: Consider an external service provider when you lack and/or don't want the requisite CSB skills and technology, or when an external provider can best meet your time-to-deployment or risk management requirements. Assess CSB provider maturity at the commercial and technical level (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role").

Consider an internal CSB role when it is perceived as a required internal core competency; for example, when you want full unilateral control over cloud consumption, or you are responsible for delivering IT services across a hybrid combination of public and private cloud (see "Internal CSB Role Is Emerging Within IT Organizations").

Give preference to CSB service providers or CSB technology enablers that have a road map indicating broad understanding of the emerging role of the CSB as the enterprise strategic intermediary for cloud consumption.

Business Impact: While many cloud services will be consumed directly, the complexity of doing so will drive at least some users to CSB providers to simplify and improve the process (see "Predicts 2014: Cloud Services Brokerage").

Page 54 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: 9 Spokes; Alcatel-Lucent; Apigee; Appirio; Axeda; Axway (Vordel); Capgemini; CA Technologies (Layer 7); Celigo; Cloud Sherpas; ComputeNext; CSC; GCommerce; Gigya; IBM; Interworks; Jamcracker; Jitterbit; Liaison Technologies; LTech; Microsoft; Nephos Technologies; Okta; Oodrive (CommonIT); OpenText (GXS); Oracle (AmberPoint); Statera; StrikeIron; Synnex; Tata Consultancy Services (TCS); Verecloud; Wipro; Xignite

Recommended Reading:

"Cool Vendors in Cloud Services Brokerages, 2013"

"Cool Vendors in Cloud Services Brokerage Enablers, 2013"

"Predicts 2013: Cloud Services Brokerage"

"A CIO Primer on Cloud Services Brokerage"

"Cloud Services Brokerages: A High-Impact Opportunity for IT"

"How Private PaaS Can Begin to Transform Your IT"

"2014 Strategic Road Map for Business Process Innovation in Hybrid IT"

Sliding Into the Trough

Application PaaS (aPaaS)

Analysis by: Yefim V. Natis

Definition: Application platform as a service (aPaaS) offers application execution environment and associated development and management tools — as a cloud service. It is an application server and composite application platform "in the sky," and is one of many functional types of PaaS, although it is often erroneously seen as synonymous with all of PaaS. An aPaaS is always integrated or linked with a database system, which may or may not be also offered as a cloud database service (that is, dbPaaS) in its own right.

Position and Adoption Speed Justification: In 2013, Gartner tracked more than 35 vendors offering some form of an aPaaS (see "Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"). Industry megavendors and small innovators continue to compete in this new and unsettled market. The offerings run the gamut of multitenancy types, from shared hardware to shared everything (see "Gartner Reference Model for Elasticity and Multitenancy"). Some are

Gartner, Inc. | G00263850 Page 55 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

targeting the high-productivity market, and many are focusing on the high-control market (see "Productivity vs. Control: Cloud Application Platforms Must Split to Win").

The process of establishing the common platform architecture practices for aPaaS remains in its early stages and no standards are yet proposed. Most leading application infrastructure vendors, including IBM, Oracle and Microsoft, are still developing their insights into cloud computing and are investing first in backward-compatibility with on-premises skills and programming models (at the expense of some cloud characteristics). The market remains uncertain in its composition and leadership. Most current aPaaS offerings are either slow in coming (redesigns, prolonged betas and limited availability), come from small providers with a limited ability to execute, or are proprietary. Some users deploy traditional platform middleware over an infrastructure as a service (IaaS), like Amazon Elastic Compute Cloud (EC2), and, mistakenly, consider that an instance of an aPaaS (see "What IT Leaders Need to Know About Application PaaS Models and Use Patterns").

The emerging common model of cloud-based PaaS architecture (shared-OS, as in Cloud Foundry, Heroku and OpenShift) is focused on support of self-service and relatively coarse scaling. While these new technologies can provide significant benefits in a private PaaS setting (improved productivity of administration and management, higher density in resource utilization, and standardization of infrastructure), they are bound to disappoint as a public cloud service where users expect greater developer productivity, continuous software versioning, lower costs through fine-grain elasticity, unbreakable security and tenant isolation. Strategic investment in aPaaS by the IT megavendors helps encourage mainstream IT organizations to include aPaaS in their IT planning, but slow progress by these vendors and limited cloudiness of their offerings lead many mainstream technology users to discount aPaaS as a viable platform for mission-critical application deployment, pushing the technology further toward the Trough of Disillusionment.

User Advice:

■ Users should build applications using aPaaS to gain expertise in this important and emerging area of technology. However, the applications built using today's aPaaS should be designed for ROI within the next two to three years, to provide organizations with the flexibility to transition to more mature aPaaS offerings as they become available.

■ Most users should plan for a hybrid IT environment, and should ensure that their application integration infrastructure — including the possible use of integration platform as a service (iPaaS) — is prepared to manage on-premises, private PaaS and public aPaaS-based cloud application services.

■ Application independent software vendors (ISVs), especially smaller startup ISVs, should look at the aPaaS opportunity as a serious long-term, game-changing option. Its low cost of entry, low burden of operations and, often, high degree of productivity and scale enable less-technical application ISVs to concentrate on their business expertise and leave the IT issues to others.

■ IT organizations that are not ready to use aPaaS, but anticipate its use in the future, should invest in developing a competent infrastructure environment for service-oriented architecture (SOA). Cloud services are exposed to subscribers in part through SOA-style interfaces, and a well-functioning SOA platform can begin to adopt aPaaS and SaaS as a gradual and

Page 56 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

incremental change. Without an SOA background, the transition to cloud computing will face higher costs and reduced initial value.

■ For organizations concerned with security and privacy of their data or constrained by regulation, private PaaS, including aPaaS, may be the useful initial step toward the adoption of cloud computing as a culture and mode of operation in their IT, in preparation for expanding to the use of a public cloud aPaaS in the future.

Business Impact: aPaaS changes the business model of application delivery and engineering for IT organizations, ISVs and system integrators. It also changes the budget priorities and the composition of skills required in an enterprise data center. More than any other type of PaaS services, aPaaS alters the operations, organization, practices and financing of enterprise IT organizations.

Benefit Rating: High

Market Penetration: 1% to 5% of target audience

Maturity: Adolescent

Sample Vendors: CloudBees; Engine Yard; Gnubila; Google; IBM; Microsoft; Pivotal; Progress Software; Red Hat; salesforce.com; SAP; Software AG; WSO2

Recommended Reading:

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"What IT Leaders Need to Know About Application PaaS Models and Use Patterns"

"Now Is the Time for Mainstream IT Organizations to Understand PaaS"

"Gartner Reference Model for PaaS"

"Gartner aPaaS Report Card: Choose Your Cloud Application Platform Wisely"

Big Data

Analysis by: Mark A. Beyer

Definition: Big data is high-volume, velocity and variety information assets that demand cost- effective, innovative forms of information processing for enhanced insight and decision making.

Position and Adoption Speed Justification: Big data has crossed the Peak of Inflated Expectations. There is considerable debate about this, but when the available choices for a technology or practice start to be refined, and when winners and losers start to be picked, the worst of the hype is over.

It is likely that big data management and analysis approaches will be incorporated into a variety of existing solutions, while simultaneously replacing some of the functionality in existing market

Gartner, Inc. | G00263850 Page 57 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

solutions (see "Big Data Drives Rapid Changes in Infrastructure and $232 Billion in IT Spending Through 2016"). The market is settling into a more reasonable approach in which new technologies and practices are additive to existing solutions and creating hybrid approaches when combined with traditional solutions.

Big data's passage through the Trough of Disillusionment will be fast and brutal:

■ Tools and techniques are being adopted before expertise is available, and before they are mature and optimized, which is creating confusion. This will result in the demise of some solutions and complete revisions of some implementations over the next three years. This is the very definition of the Trough of Disillusionment.

■ New entrants into this practice area will create new, short-lived surges in hype.

■ A series of standard use cases will continue to emerge. When expectations are set properly, it becomes easier to measure the success of any practice, but also to identify failure.

Some big data technologies represent a great leap forward in processing management. This is especially relevant to datasets that are narrow but contain many records, such as those associated with operational technologies, sensors, medical devices and mobile devices. Big data approaches to analyzing data from these technologies have the potential to enable big data solutions to overtake existing technology solutions when the demand emerges to access, read, present or analyze any data. However, inadequate attempts to address other big data assets, such as images, video, sound and even three-dimensional object models, persist.

The larger context of big data is framed by the wide variety, and extreme size and number, of data creation venues in the 21st century. Gartner clients have made it clear that big data technologies must be able to process large volumes of data in streams, as well as in batches, and that they need an extensible service framework to deploy data processes (or bring data to those processes) that encompasses more than one variety of asset (for example, not just tabular, streamed or textual data).

It is important to recognize that different aspects and varieties of big data have been around for more than a decade — it is only recent market hype about legitimate new techniques and solutions that has created this heightened demand.

Big data technologies can serve as unstructured data parsing tools that prepare data for data integration efforts that combine big data assets with traditional assets (effectively the first-stage transformation of unstructured data).

User Advice:

■ Focus on creating a collective skill base. Specifically, skills in business process modeling, information architecture, statistical theory, data governance and semantic expression are required to obtain full value from big data solutions. These skills can be assembled in a data science lab or delivered via a highly qualified individual trained in most or all of these areas.

■ Begin using Hadoop connectors in traditional technology and experiment with combining traditional and big data assets in analytics and business intelligence. Focus on this type of

Page 58 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

infrastructure solution, rather than building separate environments that are joined at the level of analyst user tools.

■ Review existing information assets that were previously beyond analytic or processing capabilities ("dark data"), and determine if they have untapped value to the business. If they have, make them the first, or an early, target of a pilot project as part of your big data strategy.

■ Plan on using scalable information management resources, whether public cloud, private cloud or resource allocation (commissioning and decommissioning of infrastructure), or some other strategy. Don't forget that this is not just a storage and access issue. Complex, multilevel, highly correlated information processing will demand elasticity in compute resources, similar to the elasticity required for storage/persistence.

■ Small and midsize businesses should address variety issues ahead of volume issues when approaching big data, as variety issues demand more specialized skills and tools.

Business Impact: Use cases have begun to bring focus to big data technology and deployment practices. Big data technology creates a new cost model that has challenged that of the data warehouse appliance. It demands a multitiered approach to both analytic processing (many context-related schemas-on-read, depending on the use case) and storage (the movement of "cold" data out of the warehouse). This resulted in a slowdown in the data warehouse appliance market while organizations adjusted to the use of newly recovered capacity (suspending further costs on the warehouse platform) and moving appropriate processing from a schema-on-write approach to a schema-on-read approach.

In essence, the technical term "schema on read" means that if business users disagree about how an information source should be used, they can have multiple transformations appear right next to each other. This means that implementers can do "late binding," which in turn means that users can see the data in raw form, determine multiple candidates for reading that data, determine the top contenders, and then decide when it is appropriate to compromise on the most common use of data — and to load it into the warehouse after the contenders "fight it out." This approach also provides the opportunity to have a compromise representation of data stored in a repository, while alternative representations of data can rise and fall in use based on relevance and variance in the analytic models.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Cloudera; EMC; Hortonworks; IBM; MapR; Teradata

Recommended Reading:

"Big Data Drives Rapid Changes in Infrastructure and $232 Billion in IT Spending Through 2016"

"Big Data' Is Only the Beginning of Extreme Information Management"

Gartner, Inc. | G00263850 Page 59 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"How to Choose the Right Apache Hadoop Distribution"

"The Importance of 'Big Data': A Definition"

Cloud BPM

Analysis by: Michele Cantara

Definition: Cloud business process management (BPM) refers to the use of BPM technologies in the public and private cloud. Cloud BPM includes collaborative process modeling in the cloud, social BPM, business process management platform as a service (bpmPaaS), BPM-enabling technologies delivered as cloud services and cloud-enabled BPM platforms.

Position and Adoption Speed Justification: BPM-enabling technologies include simple diagramming and process mapping tools, business process analysis (BPA) tools, business rule engines, business rule management systems, business activity monitoring (BAM), business intelligence (BI) tools, workflow and process execution, optimization and simulation, BPM suites (BPMSs), intelligent BPMSs (iBPMSs), and automated business process discovery (APBD) tools. These technologies are increasingly available as cloud services.

Collaborative process modeling and BPM modeling are often viewed as types of process discovery (see "Master Social BPM to Build a Social Organization"). Geographically distributed business process improvement teams are using these cloud-based modeling tools to accelerate requirement capture and process discovery, as well as to collaborate on the trade-offs between process standardization and variation. A few organizations are using these relatively lightweight modeling tools as their "repository for process models of record," (see "MarketScope for Enterprise Business Process Analysis"). One example of collaborative process modeling is IBM Blueworks Live, which is currently used by 900 enterprises and 50,000 users to support 900,000 processes.

The term "business process management PaaS (bpmPaaS)" refers to the delivery of BPM platform capabilities as a platform as a service (PaaS) by a service provider. A BPM platform minimally includes:

■ A graphical business process and/or rule modeling capability

■ A process registry/repository to handle the modeling metadata

■ A process execution, and either a state management engine and/or a rule engine

Other BPM-enabling technologies, such as ABPD, BAM, BI, analytics, complex-event processing (CEP), and simulation, may also be part of the platform, but they are not required.

End-user organizations employ bpmPaaS for a wide range of use cases:

■ In pilot projects to build a business case for on-premises BPM solutions

■ In development and test environments to avoid additional capital expenditures on software and hardware

Page 60 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ To rapidly build net new flexible applications for systems of differentiation and innovation or extend their systems of record. (See "SaaS, BPaaS and CSB Need Three Capabilities to Innovate or Transform the Business")

■ To reduce IT backlog by providing citizen developers with an easy-to-use opportunistic application development platform for processes largely made up of human tasks, and social and collaborative interactions

■ To obtain a real-time end-to-end view of business outcomes from business processes spanning partners and suppliers, as well as multiple cloud services

■ As a cloud services brokerage (CSB) enabling technology to help IT further the organization's hybrid IT strategy and act as an internal CSB or IT as a broker (ITaaB)

Cloud-enabled BPM (CE-BPM) is the use of a BPM platform as an on-premises product to deliver cloud services. CE-BPM is popular with directors of business process shared-service centers who are looking to establish an internal CSB capability. CE-BPM is also popular with aggregation brokerages, such as AppDirect, which recognize that their CSB integration and customization partners need bpmPaaS capabilities to integrate and customize the business processes in cloud- first solutions for their end customers. Similarly, BPO and BPaaS providers, such as Capgemini, eBuilder, Genpact, IBM, Infosys and Maximus, use CE-BPM in their offerings to deliver one-to- many solutions to customers that are customizable and potentially differentiating.

Cloud BPM has moved to a post-peak position due to aggressive adoption of collaborative process modeling and bpmPaaS.

User Advice:

■ Use social BPM and collaborative business process modeling for process discovery and continuous process improvement, particularly if you have a distributed workforce.

■ Select SaaS and BPaaS offerings based on their embedded bpmPaaS capabilities for process differentiation.

■ For processes that require variability or are potentially differentiating, favor service providers that have based their services on a commercially available CE-BPM or bpmPaaS, rather than a homegrown BPM platform. Commercial software vendor investment in CE-BPM and bpmPaaS products is generally 15% to 20% of net revenue, and most service providers lack the margins to keep pace with this investment. Furthermore, commercially available BPM platforms tend to support a broader variety of process patterns; are more likely to allow business users to alter processes in minutes or hours, rather than days or weeks; and have better capabilities for real- time predictive analytics.

■ Use bpmPaaS to accelerate the development of systems of differentiation and innovation, and to avoid capital expenses.

■ Investigate the degree to which CE-BPM or bpmPaaS can provide you with end-to-end and real-time visibility into critical business metrics that indicate successful process performance in

Gartner, Inc. | G00263850 Page 61 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

processes that span multiple partner/supplier networks (see "Use Intelligent Business Operations to Create Business Advantage").

■ If you plan to become an internal CSB, carefully scrutinize the multitenancy and metering-by- use capabilities of the platform, and choose cloud-native CE-BPM to support cloud-first solutions.

Business Impact: Collaborative process modeling, along with its social BPM features, allows a broad set of process participants — from the enterprise, service partners, suppliers and even end customers — to participate in the process of process improvement. The broad reach of collaborative process modeling supports the crowdsourcing of process improvement.

CE-BPM and bpmPaaS platforms address concerns about limited customization of public and private cloud services, particularly in vertical industry sectors, such as banking, retail and insurance.

Cloud BPM makes it possible for this significant minority of cloud consumers to access differentiating and innovative business processes from SaaS, business process utility and BPaaS providers. Cloud BPM is critical for allowing these offerings to expand from commoditized, standardized processes to address differentiated processes. The bpmPaaS and CE-BPM capabilities in cloud BPM provide an integrated composition environment (ICE), which is a foundation for constructing systems of differentiation and innovation. These systems are next- generation, process-centric applications that replace or surround traditional applications to manage the work that spans the customers' on-premises solutions and the cloud service providers' offerings (see "Systems of Differentiation and Innovation Require Different Types of Model-Driven Application Platforms" and "SaaS, BPaaS and CSB Need Three Capabilities to Innovate or Transform the Business").

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Adeptia; AgilePoint; Appian; AppPoint Software Solutions; Barium; Bizagi; BizFlow; Bosch Software Innovations; BP Logix; Capgemini; Colosa; Eccentex; Effektif; Fujitsu; IBM; Informatica; Integrify; Interneer; Invensys; K2; KeyedIn Solutions; Knowesia; Kofax; Maximus; Metasonic; OpenText; Openwork; Pegasystems; PNMsoft; Questetra; Red Hat; SAP; Software AG; Sparkling Logic; Tibco Software; Ultimus; Vitria; W4Global; Whitestein Technologies; XMPro

Recommended Reading:

"MarketScope for Business Process Management Platform as a Service"

"2014 Strategic Road Map for Business Process Innovation in Hybrid IT"

"What IT Leaders Need to Know About bpmPaaS and Cloud-Enabled BPM Platforms"

"Four Best Practices for Customization Brokerage of Business Processes in the Cloud"

Page 62 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Using Hybrid IT to Target Processes and Applications for Business Reinvention"

"What the BP Director Needs to Know About Using Cloud to Improve and Manage Business Processes"

Cloud Testing Tools and Service

Analysis by: Thomas E. Murphy; Maritess Sobejana

Definition: Cloud testing tools and service is a term that covers cloud technology to support testing from or in the cloud. This includes cloud-based lab management, service virtualization, on-demand- delivered testing tools and device clouds. The term also covers support for extremely large-scale, in-load tests, strong technology coverage (middleware, message formats, security protocols, etc.) and the ability to work across applications using a mixture of technologies.

Position and Adoption Speed Justification: Cloud testing solutions are becoming commonplace in performance and load testing, including performance monitoring. In addition, the demands created by bring your own device (BYOD) programs and development pressure around device- centered computing has created a strong drive to make use of device clouds. Major vendors in this market, providing a broad set of options and pricing models, are delivering solutions that can run on private or public cloud infrastructures, and there is also growth in the number of providers of service virtualization. Although there are a growing number of solutions, the market is still fragmented and lacks a complete and cohesive set of tools. Therefore, most of these tools are taken as add-ins to the current product mix rather than complete replacements.

Another key development will be how these environments meld together with emerging DevOps tools as part of an overall move to create a more agile delivery pipeline. The need for greater automation and flexibility is creating a demand for cloud-delivered test labs. However, in addition to the fragmented market, full success requires that testing organizations have a level of maturity to their change management and testing practices, and we feel many will struggle.

User Advice: There are a number of use cases for these products; however, the primary considerations should be based on lab scalability and the ability to match production use scenarios in a more realistic way. For companies looking to control the costs of lab setup and maintenance, or to control tool license costs — especially where the use of testing tools is seasonal — cloud testing services and tools provide good choices. This is also a good option for companies that do not have tools and are relying on manual testing to move to a higher degree of automation and best-practice behavior. However, if there are machines that have already been purchased and are readily available for use, it may be easier and less expensive to consider them for smaller-scale testing that is conducted internally and does not require a heavy load. The important points here are to understand the cost and benefits of in-house provisioning against those of the cloud and to clearly define the objectives of moving a particular testing project to the cloud.

Business Impact: Moving test labs to use a virtualized infrastructure in private and public clouds can reduce the cost of management, hardware, software and power. This should be a key element of any center-of-excellence effort for software quality. Hosted tools increase the ability to test Web

Gartner, Inc. | G00263850 Page 63 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

applications in the way that they will be used, thus reducing production errors and system failures. Taking advantage of cloud-based software provides more flexible billing and capacity, which must be balanced against usage profiles. This flexibility is viable for organizations, regardless of the development methods they use.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: BlazeMeter; BrowserStack; CA Technologies; CrossBrowserTesting.com; HP; IBM; Keynote Systems; Micro Focus; Microsoft; Neotys; QMetry; Rackspace; Ravello Systems; Sauce Labs; Skytap; Soasta; Zephyr

Recommended Reading:

"Test and Quality Management: The First Frontier for Private Cloud"

"Key Issues for Web and Cloud Application Development, 2010"

"The Coming Enterprise Shift to an aPaaS-Centric Web"

Database Platform as a Service

Analysis by: Donald Feinberg

Definition: A database platform as a service (dbPaaS) is a database management system (DBMS) or data store engineered as a scalable, elastic, multitenant service, with a degree of self-service and sold and supported by a cloud service provider. We do not restrict the definition to relational DBMSs only and include NoSQL DBMSs that are cloud-enabled and based on nonrelational file structures.

Position and Adoption Speed Justification: DbPaaS products are growing in number, due to the demand and the maturing cloud platforms, and many offerings currently available are relatively new. There are fully relational dbPaaS offerings with atomicity, consistency, isolation and durability (ACID) properties, but many of the newer dbPaaS offerings are non-ACID dbPaaS offering support for eventual consistency, which restricts them to less complex and normally single-user transactions.

Non-ACID dbPaaS technology is becoming more widely used for Web 2.0 development projects, where sharing data among multiple tenants in the cloud is not a requirement of the application. Redis Labs (formerly Garantia Data) is an example of such NoSQL dbPaaS and further, is an in- memory DBMS.

Most DBMS engines are available on a cloud infrastructure, such as Amazon's Elastic Compute Cloud, but these are not dbPaaS according to our definition (see "What IT Leaders Need to Know about Application PaaS Models and Use Patterns"). Standard DBMSs are not specifically

Page 64 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

engineered to take advantage of the cloud, which includes Amazon's Relational Database Service (available for MySQL and Oracle implementations), IBM's DB2, Microsoft's SQL Server, Oracle's DBMS, and many others.

These are offered as hosted services, not as cloud services, since the data store software in question makes no provision for elasticity or other cloud capabilities and users are expected to manage the DBMS instances and infrastructure as a service (IaaS). In addition, users normally purchase the licenses separately from the IaaS.

Many Web 2.0 application users may be experimenting with some of these services, but most still rely on non-cloud-based DBMS implementations. One exception is where all the data already exists in the cloud where it is desirable to have the application with the data, for example, with SaaS application data. One advantage of dbPaaS is that it doesn't use license-based pricing, but rather "elastic" pricing (the more you use, the more you pay; the less you use, the less you pay) or fixed subscription pricing (a flat price per user). This flexibility is an advantage as long as the "rental" price does not exceed the standard licensing cost.

The rate of adoption of dbPaaS will depend on the acceptance of cloud system infrastructure in general and the maturation of dbPaaS offerings. It will also depend on the usage model and whether the relaxed consistency model can be used by an application. Gartner believes additional dbPaaS products will become available as true cloud services during the next few years, in line with what Microsoft has done with the Azure SQL Database.

This increase in maturity will enable the replacement of less-critical, smaller workloads currently on- premises. The time to the Plateau of Productivity for dbPaaS has changed over the past few years as it is not widely used for production databases. This has caused us to keep it in the two- to five- year range with no movement on the curve. As more products become available and their maturity increases, we expect to see usage grow, although this will be closer to the five-year horizon.

Currently, dbPaaS is used primarily for the development and testing of applications — where database sizes are smaller and issues of security and sharing with multiple users are not a major concern. Recently, we have seen examples of applications using dbPaaS in production applications deployed in the cloud on Microsoft Azure SQL Database, Database.com, DynamoDB and others.

This growing use for development and production, coupled with the growing number of offerings, moves the technology closer to the Trough of Disillusionment.

User Advice: Advice for users in the next two years:

■ Use dbPaaS to develop and test systems, such as smaller production systems with a low number of users, hosting Web-specific content or for file storage in the cloud. This is especially important when the time to delivery is short and resources and funding are scarce.

■ Be cautious about dbPaaS, as there may still be issues with security and reliability — and with some nonrelational DBMSs, there are issues with concurrent user control.

Gartner, Inc. | G00263850 Page 65 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Exercise care with systems with high levels of data transfer — most cloud infrastructure vendors charge for movements of data in and/or out of the cloud.

■ Recognize that latency is another data transfer issue — the time needed to transfer large amounts of data to the cloud (for example, to support a data warehouse in the cloud) can be restrictive.

Business Impact: Initially, dbPaaS had an impact on software vendors (especially smaller ones) requiring a less expensive platform for development. Increasingly, Gartner's clients report similar use for application development within IT organizations. As dbPaaS gains maturity (especially in scalability, reliability and security), implementations used for short-term projects (such as small departmental applications and rapid development platforms) will show some marked cost reductions, compared with implementations within IT departments.

These cost savings will be primarily based on the ability to set up a dbPaaS environment without capital expenditure and the use of expensive IT personnel. The speed of setup will be a primary driver of the rapid deployment of systems — without the usual requirements and planning necessary for IT projects within the IT department. This will also reduce the need for IT staff to respond to short-notice and short-duration projects, thus reducing overall IT costs.

Some vendors, such as Microsoft, now offer both dbPaaS and cloud hosting (SQL Server on Microsoft Azure Virtual Machines), allowing customers to decide where to locate applications and to have the flexibility to move them as desired. This does require careful attention to functionality (not all functionality is available in both), but it does allow customers to use dbPaaS and then decide later (as their requirements grow) to move to hosted cloud, if desired (or vice versa).

Elasticity is a requirement for a DBMS to be classified as a dbPaaS and to deliver the benefits expected of a cloud platform service. Elastic resource allocation for the virtual machines and the storage must be provided by the DBMS for both simple and complex transactions. This can have an impact on overall cost as usage requirements change over time, especially if usage is seasonal (as, for example, in the retail sector). Elasticity allows the database to grow and contract as needed and so has the same effect on cost, growth and contracting.

As dbPaaS offerings mature during the next two to five years, it will be possible for an organization to host its entire DBMS infrastructure as dbPaaS, with potential reductions in the cost of servers, storage, DBMS licenses, maintenance and support, storage management and database administration. This will be of interest, particularly for financial managers monitoring costs and keen to reduce the overall cost of IT.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Emerging

Sample Vendors: Amazon; EnterpriseDB; Google; IBM; Microsoft; Oracle; Redis Labs; salesforce.com

Recommended Reading:

Page 66 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

Hybrid Cloud Computing

Analysis by: David W. Cearley; Donna Scott

Definition: Gartner defines hybrid cloud computing as the coordinated use of cloud services across isolation and provider boundaries among public, private and community service providers, or between internal and external cloud services. Like a cloud computing service, a hybrid cloud computing service is scalable, has elastic IT-enabled capabilities, self-service interfaces and is delivered as a shared service to customers using Internet technologies. However, a hybrid cloud service crosses isolation and provider boundaries.

Position and Adoption Speed Justification: Hybrid cloud computing is the coordinated use of cloud services across isolation and provider boundaries among public, private and community service providers, or between internal and external cloud services. Hybrid cloud computing does not refer to using internal systems and external cloud-based services in a disconnected or loosely connected fashion. Rather, it implies significant integration or coordination between the internal and external environments at the data, process, management or security layers.

Virtually all enterprises have a desire to augment internal IT systems with those of cloud services for various reasons, including for capacity, financial optimization and improved service quality. Hybrid cloud computing can take a number of forms. The following approaches can be used individually or in combination to support a hybrid cloud computing approach within and across the various layers — for example, infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS):

■ Joint security and management — Security and/or management processes and tools are applied to the creation and operation of internal systems and external cloud services.

■ Workload/service placement and runtime optimization — Using data center policies to drive placement decisions to resources located internally or externally, as well as balancing resources to meet SLAs, such as for availability and response time.

■ Cloudbursting — Dynamically scaling out an application from an internal, private cloud platform to an external public cloud service based on the need for additional resources.

■ Development/test/release — Coordinating and automating development, testing and release to production across private, public and community clouds.

■ Availability/disaster recovery (DR)/recovery — Coordinating and automating synchronization, failover and recovery between IT services running across private, public and/or community clouds.

■ Cloud service composition — Creating a solution with a portion running on internal systems, and another delivered from the external cloud environment in which there are ongoing data exchanges and process coordination between the internal and external environments.

Gartner, Inc. | G00263850 Page 67 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Dynamic cloud execution — The most ambitious form of hybrid cloud computing combines joint security and management, cloudbursting and cloud service compositions. In this model, a solution is defined as a series of services that can run in whole or in part on an internal private cloud platform or on a number of external cloud platforms, in which the software execution (internal and external) is dynamically determined based on changing technical (for example, performance), financial (for example, cost of internal versus external resources) and business (for example, regulatory requirements and policies) conditions.

We estimate no more than 20% of large enterprises have implemented hybrid cloud computing beyond simple integration of applications or services. This declines to 10% to 15% for midsize enterprises, which mostly are implementing the availability/disaster recovery use case. Most companies will use some form of hybrid cloud computing during the next three years. Some organizations are implementing cloud management platforms (CMPs) to drive policy-based placement and management of services internally or externally. A fairly common use case is in the high availability (HA)/DR arena where data is synchronized from private to public or public to private for the purposes of resiliency or recovery. A less common but growing use case (due to complexities of networking and latency) is cloudbursting. The grid computing world already supports hybrid models executing across internal and external resources, and these are increasingly being applied to cloud computing. More sophisticated, integrated solutions and dynamic execution interest users, but are beyond the current state of the art.

Positioning has advanced significantly in a year (from peak to postpeak midpoint) as organizations leverage and embrace the public cloud into their business processes and internal services, and engage in designing cloud-native and optimized services. While maturing rapidly, the reality is that hybrid cloud computing is a fairly immature area with significant complexity in setting it up in operational form. Early implementations are typically between private and public clouds, and not often between two different public cloud providers. Technologies that are used to manage hybrid cloud computing include CMPs, but also specific services supplied by external cloud and technology providers that enable movement and management across internal and external cloud resources. Most hybrid cloud computing technologies and services seek to lock in customers to their respective technologies and services, as there are no standard industry approaches.

User Advice: When using public cloud computing services, establish security, management and governance models to coordinate the use of these external services with internal applications and services. Where public cloud application services or custom applications running on public cloud infrastructures are used, establish guidelines and standards for how these elements will combine with internal systems to form a hybrid environment. Approach sophisticated integrated solutions, cloudbursting and dynamic execution cautiously, because these are the least mature and most problematic hybrid approaches. To encourage experimentation and cost savings, and to prevent inappropriately risky implementations, create guidelines/policies on the appropriate use of the different hybrid cloud models. Consider implementing your policies in CMPs, which implement and enforce policies related to cloud services.

Business Impact: Hybrid cloud computing leads the way toward a unified cloud computing model, in which there is a single cloud that is made up of multiple sets of cloud facilities and resources (internal or external) that can be used, as needed, based on changing business requirements. This ideal approach would offer the best-possible economic model and maximum agility. It also sets the

Page 68 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

stage for new ways for enterprises to work with suppliers and partners (B2B), and customers (business-to-consumer), as these constituencies also move toward a hybrid cloud computing model. In the meantime, less ambitious hybrid cloud approaches still allow for cost optimization, flexible application deployment options, and a coordinated use of internal and external resources.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Apache CloudStack; BMC Software; HP; IBM; Microsoft; OpenStack; RightScale; VMware

Recommended Reading:

"Hybrid Cloud Network Architectures"

"Hybrid Cloud Is Driving the Shift From Control to Coordination"

"Cloud Storage Gateways: Enabling the Hybrid Cloud"

IaaS+

Analysis by: Yefim V. Natis; David Mitchell Smith

Definition: IaaS+ is infrastructure as a service (IaaS) bundled with ("plus") middleware (typically not cloud-enabled). IaaS+ offers middleware as a cloud service, the same as PaaS and is portable with on-premises middleware. However, unlike PaaS, it requires that the subscriber manage the underlying systems resources (VMs) and middleware and arrange elastic sharing of resources. With PaaS, elasticity is built-in and VMs are hidden. IaaS+ is often presented as PaaS, but lacks PaaS productivity and potential efficiency. It is not PaaS.

Position and Adoption Speed Justification: In the most basic form, users can subscribe to IaaS services, acquire middleware licenses elsewhere and deploy the middleware on the IaaS-sourced VMs (a "bring your own license" model) to get a middleware as a cloud service environment. That's not IaaS+. IaaS+ is the arrangement where the middleware and IaaS are bundled into one offering by the provider.

IaaS providers offer multiple forms of IaaS plus middleware. The simplest case is illustrated by Amazon Machine Images (AMI) available in Amazon Marketplace. The offering may include a bundled basic (not cloud-enabled) DBMS or an application server, but it may require that customers pay for the middleware license from the product vendor and also subscribe to the carrying IaaS. The customer gets to use middleware that is hosted over IaaS resources, but gets no PaaS experience or benefits (such as reduced complexity, increased productivity or built-in elasticity on- demand). The customer (subscriber) also remains responsible for versioning and patching of the

Gartner, Inc. | G00263850 Page 69 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

middleware. The use of such AMI-style IaaS+ arrangements has been available for a number of years.

A more advanced form of IaaS+ has the same IaaS with installed basic middleware, plus cloud management platform (CMP) software (such as the Rightscale application management platform or Tibco Silver Fabric) to facilitate auto-scaling. This pattern supports shared-hardware elasticity on- demand (if the middleware in question is horizontally scalable), but the subscriber is still responsible for selecting, budgeting, deploying and managing the CMP. This is a "build your own elasticity" model. Again, subscribers looking for full control of the software stack will find this a benefit and others will find it a burden.

A more confusing form of IaaS+ is an offering such as Amazon Web Services (AWS) Elastic Beanstalk where an IaaS vendor bundles some open-source middleware (Apache Tomcat, in this case) and support for some elasticity on-demand (CloudWatch and Auto Scaling, in this case). Here, all components of the offering come from one vendor, making it appear even more like a PaaS. However, Amazon Elastic Beanstalk packages the software components of a PaaS, but not to the experience. The buyer is still subscribing to an IaaS offering, makes all the infrastructure arrangements and is responsible for versioning and other management of all platform software.

IaaS+ is not a PaaS, even if users get access to middleware services from IaaS+, similarly to PaaS. Users subscribing to PaaS services are freed from the requirement to manage the underlying system's resources (some optional control of VMs may be available for high-control projects). To most users of PaaS, the stack is fully opaque: only the middleware services are exposed to the subscriber, but the software that enables the services is versioned, patched and otherwise managed by the provider. Subscribers are not required to have any expertise in infrastructure technologies or in enabling resource elasticity. The provider manages scaling, availability and other qualities of service, as well as versioning and patching of all software.

IaaS+, especially its more advanced form that includes a CMP for shared-hardware elasticity, is the preferred choice for some high-control projects. It is also the best option for projects that seek to migrate existing on-premises software to the cloud with minimal disruption and costs. While IaaS+ does not deliver the PaaS characteristics — it is easy to understand and engage because it is not much different from the on-premises virtualized data center environment. As such, it is often the first step to cloud for mainstream IT organizations.

As more users gain experience with the IaaS+ model, it will become evident that most of the complexity and cost of managing a traditional IT environment will not reduce the costs or complexity under IaaS+ services, pushing IaaS+ toward the Trough of Disillusionment. Organizations that are looking to the cloud for greater productivity and relief from system-level resource management turn to PaaS.

User Advice:

■ Choose IaaS+ when you want to retain control over infrastructure resources, including middleware, VMs and storage, and you are prepared to maintain the required in-house expertise.

■ Choose IaaS+ when portability of software and skills from on-premises to cloud is high priority.

Page 70 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Ensure that the IaaS+ offering you choose has the elastic multitenancy support if you need it (or be prepared to develop it).

■ Choose a PaaS if you are looking for reduced complexity and increased management and administration productivity for your application development or integration projects.

■ Ensure that applications developed and deployed with the use of IaaS+ achieve their ROI targets within the next two to three years, enabling you to re-evaluate the choice between IaaS plus middleware and PaaS in the future.

Business Impact: IaaS+ the least disruptive way for adopting cloud deployment of software. Its limited platform efficiency and productivity is balanced by a greater degree of control over the operating environment and greater portability with the on-premises skills and software (compared with PaaS). Some advanced users will take advantage of the extra levels of control in IaaS+ and build advanced solutions, including some PaaS offerings powered by the internal IaaS plus middleware services. Others use IaaS+ for development and test projects and for migration of existing software off premises. For most mainstream IT organizations that use IaaS+, it will serve as the initial step toward PaaS.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Amazon Web Services; IBM SoftLayer; Rackspace

Recommended Reading:

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

"What IT Leaders Need to Know About Application PaaS Models and Use Patterns"

"Understand IaaS, PaaS and the Role of Middleware to Make the Most of Each"

Personal Cloud

Analysis by: Neha Gupta

Definition: Personal cloud is the individual's collection of digital content, services and apps, which are seamlessly accessible across any device.

Position and Adoption Speed Justification: Personal cloud is a virtual amalgamation of different services that users assemble, either explicitly or implicitly, based on their personal needs, tastes and work styles. Once assembled, a personal cloud serves as a repository for users' data; the place they go to stay in touch with family, friends and colleagues; and the collection of sites they visit to make purchases. A personal cloud also helps users be informed and entertained, as well as do their jobs.

Gartner, Inc. | G00263850 Page 71 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

The next phase of evolution of personal clouds is cognizant computing. Each stage of cognizant computing deals with more personal and commercial information about a consumer.

Until now, personal cloud providers have focused mostly on store and sync features, where apps and content are stored and synced with the cloud. Examples include cloud storage providers (such as Dropbox, SugarSync and Mozy) and music lockers from Amazon, Google and Apple that upload users' music to the cloud and then stream it back to any of their devices. Over the coming years, we expect an increasing amount of consumer apps to sync information with the cloud, rather than simply storing information solely in the app. This will create an increasing amount of traffic to the cloud, while making it easier for app developers and brands to gather information about consumers, their apps and their content usage. Evernote is a good example of an app that syncs consumer notes and aspires to become the user's "digital brain."

Currently, most technology and service providers have implemented deeper integration of sync, stream, store and share, and consumers are expecting this level of functionality from all their apps and services.

For example, Dropbox has added advanced personal cloud features, such as bubbli, a photo app that converts photos into 3D "bubbles" (complete with sound) to current capabilities, without enhancing the capabilities themselves. Another example is Apple's recent deeper dive into PC services, where even more Apple ecosystem data will be available across all a user's Apple devices — from mobile to PC to online.

An increase in broadband penetration, Wi-Fi usage and migration toward 4G networks will also help increase adoption of personal cloud. This is because Wi-Fi and 4G will facilitate uploading and downloading at very high speeds, and they will enable high-quality streaming and faster synchronization. But this won't occur without challenges or risk. Critical issues that will have to be addressed include consumer privacy, quality of execution and becoming a trusted vendor.

User Advice:

■ Personal cloud providers:

■ Don't tie offerings to a specific device or platform. Make them broadly available across multiple ecosystems to maximize adoption.

■ Make it easier for users to integrate existing personal cloud services. When offering streaming and content access, take into account the user's present state and context in order to deliver an appropriate and seamless experience. Differentiate your personal cloud services by offering contextually relevant content.

■ Create partnerships to give as many users as possible access to common devices and platforms. All applications do not need a proprietary online storage solution or synchronization engine, but they should be tied to popular systems already used by consumers.

■ Use a personal cloud as a basis for building a comprehensive digital service portfolio. Offer consumers a wide choice of content, devices and Web services.

Page 72 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Communications service providers:

■ Offer service plans that support customers' ownership of multiple connected devices. Make your personal cloud services more compelling by zero-rating them against data and storage allowances.

■ Device vendors:

■ Personal cloud trends will make device specification less relevant, but consumers will still want to use a range of different devices to access the cloud. As you focus on developing a cloud offering, couple this with consistency of experience, user interface paradigm, battery life, connectivity and display technology that can optimize your cloud service's accessibility and users' multiple-device experience.

■ Move toward device-neutral development processes, and stop building for specific physical devices.

Business Impact: The personal cloud provider's attempts will be to create a larger pool for users within their ecosystems, even though this will create inconvenience for the user. This is because many users will access content and services from multiple service providers and use devices from multiple equipment manufacturers.

IT organizations will be just one of the service providers delivering content to a user's personal cloud, and they must be prepared to integrate users' chosen environment with minimal disruption or administration. The personal cloud will also have a direct impact on IT organizations designing applications that must coexist in the personal cloud to gain acceptance.

Benefit Rating: High

Market Penetration: 20% to 50% of target audience

Maturity: Early mainstream

Sample Vendors: Amazon; Apple; Cloud Engines; D-Link; Dropbox; Facebook; Google; Lenovo; Mozy; SugarSync; YouTube

Recommended Reading:

"Agenda Overview for Consumer Services and Applications, 2014"

"Market Trends: Cognizant Computing Will Reshape Mobile and App Market Revenue"

"SWOT: Evernote, Personal Cloud, Worldwide"

"Microsoft Embraces the Personal Cloud With Windows 8"

"Market Trends: CSPs Face Competition From OTT Providers in the Personal Cloud"

Gartner, Inc. | G00263850 Page 73 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Private Cloud Computing

Analysis by: Thomas J. Bittman; Philip Dawson

Definition: Private cloud computing is a form of cloud computing that is used by only one organization, or that ensures an organization is completely isolated from others.

Position and Adoption Speed Justification: Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service to customers using Internet technologies. Unlike public cloud computing, in private cloud, access to the service is open to any customer willing to pay (unless the service is subsidized, for example, by advertising).

Private and public cloud computing are at opposite ends of the spectrum. There are numerous variations between those two, such as community cloud computing (shared, but with limited users), virtual private cloud computing (less than full isolation between multiple users) and hybrid cloud computing (a service federated between private and public cloud services). We will focus on private cloud computing that is fully private to an organization — often on-premises, but could be hosted by a third party.

Organizations building a private cloud service are emulating public cloud computing providers to acquire similar benefits, but within their control and often on-premises. In most cases, this is at an infrastructure level (using virtual machines); however, use of platform as a service (PaaS) and even SaaS private clouds is growing. Private cloud computing requires successful implementation of technology and nontechnology changes. Examples include standardization, automation, self- service tools and service management, metering, and possibly chargeback. Many technologies to enable these are still evolving, and deployments often require custom tools. The biggest challenges with private cloud computing tend to be people- and process-related, cultural, political and organizational.

Public cloud providers currently maintain a small number of offered services. However, enterprises have many complex and interrelated services to deliver. A private cloud computing service can fit within a broader portfolio of services delivered by an infrastructure in real time.

Although some of the technologies required for private cloud computing are mature, customization is often required. Many examples of private cloud computing services are focused on development and test provisioning, especially for infrastructure as a service (IaaS). However, enterprises are deploying private cloud services in production, and are learning where private cloud computing makes sense and where it does not.

Enterprise interest is already high, and deployments are moving quickly. Roughly one-third of large enterprises have at least one private cloud service in the piloting stage, and more than 80% of large enterprises have plans to deploy private cloud in the next few years.

User Advice:

■ Let service and business requirements, rather than technologies, lead your private cloud computing plans (see "Getting Started With Private Cloud: Services First").

Page 74 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Create a business case for developing full private cloud services versus using public cloud services or modernizing established architectures.

■ Consider the long-term road map for your private cloud services (see "The Road Map From Virtualization to Cloud Computing"). Build with the potential to take advantage of hybrid sourcing (using your private and public cloud services). Plan for a growing mix of options from private IaaS, to private PaaS, to private SaaS.

■ Start slowly with development/test lab provisioning; short-term, low SLA computing requests; and simple, non-mission-critical Web services (for example, self-service requests and dynamic provisioning for Web environments). Pilot a private cloud implementation to gain support for shared services and to build transparency in IT services costing and chargebacks.

■ Implement change and configuration management processes and tools as a part of deploying private cloud services to ensure that you can standardize on the software stacks to be delivered through self-service provisioning, and adequately maintain them.

Business Impact: Private cloud implementations depend on some form of technology sharing/ multitenancy and elasticity, using virtual machines, server containers, application containers or multitenant, internally elastic software. Sharing alone can reduce capital costs, but private cloud computing can also reduce the cost of operations and (most importantly) enable faster service delivery. Private cloud computing is attractive to the business primarily because it enables agility — self-service ordering of frequently requested services on demand — as well as dynamic provisioning. Private cloud is not the right approach for every service. Test lab provisioning is an early example of a private cloud service that enables testers to improve time to market and efficiencies, while reducing labor costs associated with provisioning.

Private cloud computing also changes the relationship between the business and IT, transforming how IT is consumed. The shift to services (rather than implementation and assets), pay per use and chargeback enable the business to focus on rapidly changing service requirements and consuming IT based on variable costs. Meanwhile, IT can focus on efficient implementation and sourcing, including the potential to leverage public cloud services without negatively affecting the business.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Apprenda; BMC Software; Citrix; Eucalyptus; GigaSpaces Technologies; HP; IBM; Microsoft; Pivotal; Progress Software; Red Hat; VMware

Recommended Reading:

"Private Cloud Matures, Hybrid Cloud Is Next"

"Five Things That Private Cloud Is Not"

Gartner, Inc. | G00263850 Page 75 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Design Your Private Cloud With Hybrid in Mind"

"Top Five Trends for Private Cloud Computing"

"Platform as a Service: Definition, Taxonomy and Vendor Landscape, 2013"

Private IaaS

Analysis by: Thomas J. Bittman

Definition: Private infrastructure as a service (IaaS) is a form of private cloud computing that offers infrastructure services (such as server, storage or network capacity) that are used by only one organization, or that ensure that an organization is completely isolated from others.

Position and Adoption Speed Justification: Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service to customers using Internet technologies. The private cloud contrasts with public cloud computing, in which access to the service is open to any customer willing to pay, unless the service is subsidized (for example, by advertising).

Organizations building private IaaS are emulating public cloud computing providers to acquire similar benefits, but within their control and often on-premises (although a growing number of third- party offerings have anything from full private to virtual private capabilities). Some form of server virtualization is used — often virtual machines or containers.

Although some of the technologies required for private IaaS are mature, some aren't mature yet, and customization is often required. As a foundation, private IaaS is built on a cloud management platform (CMP), which can be a packaged software offering, a custom-built product or something in between. Many examples of private IaaS are focused on development and test provisioning. However, enterprises are now deploying private IaaS in production, and are learning where private IaaS makes sense and where it doesn't.

Enterprise interest is already high, with about one-third of respondents in Gartner polls saying they already have a private cloud IaaS deployment in place, and the majority planning deployments within a few years. This trend will move quickly on the Hype Cycle during the next two years, as private IaaS moves from strategy to pilots to production deployments.

User Advice: Create a business case for developing private IaaS versus using public cloud services, or modernizing established architectures.

Consider the long-term road map for your private cloud service, in terms of future hybrid cloud interoperability, and as a part of a heterogeneous sourcing mix (private, hybrid, public, traditional sourcing of services) that needs to be managed together (or "brokered") through some kind of orchestration technology (see "The Road Map From Virtualization to Cloud Computing").

Start slowly with development/test lab provisioning; short-term, low SLA computing requests; and simple, non-mission-critical Web services (e.g., self-service requests and dynamic provisioning for

Page 76 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Web environments). Pilot a private IaaS implementation to gain support for shared services and to build transparency in IT service costing and chargebacks.

Implement change and configuration management processes and tools prior to implementing private IaaS to ensure that you can standardize on the software stacks to be delivered through self- service provisioning, and adequately maintain them.

Business Impact: Most private IaaS implementations progress from a virtualization foundation. Virtualization reduces capital costs, but private cloud computing can reduce the cost of operations and (most importantly) enable faster service delivery (including short-term and experimental workloads, supporting startup efforts even in large enterprises). It is primarily attractive to the business, because it enables agility — self-service ordering of frequently requested services — as well as dynamic provisioning. Private IaaS is not the right approach for every service. Test lab provisioning is an early example of private IaaS that enables testers to improve time to market and efficiencies, while reducing the labor costs associated with provisioning.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: BMC Software; Cisco; Citrix; Eucalyptus; HP; IBM; Microsoft; Piston Cloud Computing; VMware

Recommended Reading:

"Private Cloud Matures, Hybrid Cloud Is Next"

"Five Things That Private Cloud Is Not"

"Private Cloud Computing: Target Services That Need Agility"

"Design Your Private Cloud With Hybrid in Mind"

"Top Five Trends for Private Cloud Computing"

Cloud-Based Security Services

Analysis by: Kelly M. Kavanagh

Definition: Cloud-based security services enable the delivery of security controls, without on- premises technology deployment and management. Security controls differ in their appropriateness for cloud-style delivery.

Position and Adoption Speed Justification: Service providers must meet customer expectations for the availability, effectiveness, scalability, deployment, management ease and cost savings of cloud-based security controls. Customers must assess service capabilities for policy enforcement,

Gartner, Inc. | G00263850 Page 77 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

for management and monitoring controls across hybrid cloud and on-premises deployments, for maintaining availability of critical controls, and for customization and configuration of cloud-based controls. Threat-facing services can more easily meet these expectations, while internal or business-facing services encounter obstacles to adoption, such as an established internal capability with sunk costs or data location concerns. Initial adoption of business-facing cloud-based security controls is typically focused on and limited to specific domains, vertical markets or use cases (such as securing other cloud-based IT services, meeting compliance requirements or securing remote office locations.) Controls such as network-based firewalls, intrusion detection and prevention systems, vulnerability scanning, antivirus protection, distributed denial of service protection, messaging security and Web gateway security services are often selected for early deployments. Recently, Gartner has noted the increasing adoption of identity and access management as a service (IDaaS), especially among small or midsize businesses (SMBs) and those providing employee access to SaaS applications. Cloud-based controls' deployment ease and lower price points make them attractive to SMBs or to Type B and Type C companies. Enterprises can extend security controls provided by on-premises technology with cloud-based services to address employee-owned devices, remote office locations and cloud-based IT infrastructure. Cloud-based security offerings can be embedded into other service offerings by providers of bandwidth, cloud services and security as a service, thus giving buyers an additional option in product or service decisions. The cloud-based security approach is also well-suited to deliver security controls for other cloud-based IT services.

User Advice: Consider service continuity, response time, customization and switching requirements — in addition to functional requirements — for security controls. Look at leveraging cloud-based security providers, as well as bandwidth and remote connectivity service providers, for opportunities to consolidate on-premises-based security technologies into cloud-based delivery options — especially for mobile technology and remote office or branch office environments that would otherwise require on-site deployment and hardware maintenance. Where service deployment requires a blend of on-premises-based equipment and cloud-based delivery, look for uniform policy enforcement, administration, configuration and reporting capabilities across the service components.

Business Impact: Cloud-based security has the potential to deliver cost savings, fast deployment and broader coverage — compared with equivalent-capacity, on-premises-based equipment — and may result in better security for users that cannot effectively manage on-premises security technology.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Akamai; Alert Logic; AT&T; Blue Coat; CipherCloud; Cisco; CloudFlare; McAfee; Neustar; Okta; Panda Security; Qualys; Symantec; Verisign; Verizon; Websense; WhiteHat Security; Zscaler

Recommended Reading:

Page 78 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"Forecast Analysis: Public Cloud Services, Worldwide, 1Q14 Update"

Real-Time Infrastructure

Analysis by: Donna Scott

Definition: RTI represents a shared IT infrastructure in which business policies and SLAs drive the dynamic allocation and optimization of IT resources so that service levels are predictable and consistent despite unpredictable IT service demand. RTI provides the elasticity, functionality, and dynamic optimization and tuning of the runtime environment based on policies and priorities across private, public and hybrid cloud architectures. Where resources are constrained, business policies determine how resources are allocated to meet business goals.

Position and Adoption Speed Justification: The technology and implementation practices are immature from the standpoint of architecting and automating an entire data center and its IT services for real-time infrastructure (RTI). However, solutions have emerged that optimize specific applications or infrastructure. From an application standpoint, creating cloud native or optimized services typically involves elasticity — enabling scale-out capacity results in increased response to increased demand. These are often built through PaaS or through cloud management platforms (CMP). Many CMP vendors have enabled models or automation engines to achieve RTI (for example, through the implementation of logical service models with policies that are defined for the minimum and maximum instances that can be deployed in a runtime environment). Building elasticity is not turnkey; rather, IT organizations must still write custom code (for example, automation and orchestration logic) to achieve their overall dynamic optimization goals and when to trigger or initiate the optimization Moreover, although virtualization is not required to architect for RTI, many CMP solutions only support virtualized environments instead of offering more complex alternatives that require integration to physical resources. CMPs often include some infrastructure optimization functionality such as intelligent placement of workloads or services based on pre- established policies. Moreover, infrastructure management tools than analyze service capacity and use of the infrastructure may be employed to rebalance the load within or across clusters.

A key underlying requirement for dynamic optimization is software-defined anything (SDx), to enable automation and optimization through APIs and programmability. Gartner believes that RTI will be subsumed in SDx terminology over the next few years as it gets more clearly defined and more offerings come to market. As in the past, we will see individual vendor progress, especially in "software stacks," but not in largely heterogeneous environments because of the lack of standards, as well as the desire for vendors that build such functionality to create benefits for their platforms (and not their competitors' platforms).

While RTI is increasing in use and implementation, it still has a fairly low penetration rate of around 20% of large enterprises, and a much lower rate when considering the proportion of implemented services. Lack of architecture and application development skills in the infrastructure and operations (I&O) organization hampers implementation of RTI in all but the most advanced organizations. For customers who desire dynamic optimization to integrate multiple technologies together and orchestrate analytics with actions, a great deal of integration and technical skills are required. However, organizations that pursue agile development (and DevOps) for their Web

Gartner, Inc. | G00263850 Page 79 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

environments will often implement RTI for these services in order to map increasing demand on their sites with an increasing supply of resources. As this demand rises due to new developments in mobile computing, Web, analytics, and the Internet of Things, we will see greater penetration in these new application environments, as they will be built for elasticity. In another RTI use case, enterprises are implementing shared disaster recovery data centers, whereby they dynamically reconfigure test/development environments to look like the production environment for disaster recovery testing and disaster strikes. This type of architecture can typically achieve recovery time objectives in the range of one to four hours after a disaster is declared. Typically, implementation is not triggered automatically but is manually initiated where the automation is prewritten.

User Advice: Surveys of Gartner clients indicate that the majority of IT organizations view RTI architectures as desirable for gaining agility, reducing costs and attaining higher IT service quality and that about 20% of organizations have implemented RTI for some portion of their portfolios. Overall progress is slow for internal deployments of RTI architectures because of many impediments, especially the lack of IT management process and technology maturity levels, but also because of organizational and cultural issues.

RTI is also slow for public cloud services, where application developers may have to write to a specific and proprietary set of technologies to get dynamic elasticity. While less so as in prior years, Gartner sees technology as a significant barrier to RTI, specifically in the areas of root cause analysis (which is required to determine what optimization actions to take), service governors (the runtime execution engines behind RTI analysis and actions) and lack of standards. However, RTI has taken a step forward in particular focused areas, such as:

■ Dynamic and policy-based provisioning of development/testing/staging and production environments across private, public and hybrid cloud computing resources

■ Optimally provisioned cloud services based on capacity and policies (for example, workload and service placement)

■ Server virtualization and dynamic workload movement and optimization

■ Reconfiguring capacity during failure or disaster events

■ Dynamic scaling of application instances especially for Web oriented scale-out applications built using PaaS or through CMPs.

IT organizations that desire RTI should focus on maturing their management processes using ITIL and maturity models (such as Gartner's ITScore for I&O Maturity Model) as well as their technology architectures (such as through standardization, consolidation and virtualization). They should also build a culture that is conducive to sharing the infrastructure and should provide incentives such as reduced costs for shared infrastructures. Gartner recommends that IT organizations move to at least Level 3 — proactive — on the ITScore for I&O Maturity Model in order to plan for and implement RTI; before that level, a lack of skills and processes derails success. Moreover, for organizations using agile development, operational skills and capabilities should be infused into them to enable RTI. Organizations should investigate and consider implementing RTI solutions early in the public or private cloud or across data centers in a hybrid implementation, which can add

Page 80 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

business value and solve a particular pain point, but should not embark on data-center-wide RTI initiatives.

Business Impact: RTI has three value propositions, which are expressed as business goals:

■ Reduced costs that are achieved by better, more efficient resource use and by reduced IT operations (labor) costs

■ Improved service levels that are achieved by the dynamic tuning of IT services

■ Increased agility that is achieved by rapid provisioning of new services or resources and scaling the capacity (up and down) of established services across both internally and externally sourced data centers

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Amazon; BMC Software; IBM; Microsoft; Oracle; Red Hat; RightScale; ServiceMesh; VMTurbo; VMware

Recommended Reading:

"Cool Vendors in Cloud Management, 2014"

"Market Guide for Cloud Management Platforms From Large Software and Emerging Vendors"

"Market Guide for Integrated Infrastructure Systems Cloud Management Platforms"

"Market Guide for Open Source Cloud Management Platforms"

"How to Build an Enterprise Cloud Service Architecture"

Public Cloud Storage

Analysis by: Gene Ruth

Definition: Public cloud storage is infrastructure as a service (IaaS) that provides object, block or file storage services through a REST API using Internet protocols. The service is stand-alone with no requirement for additional managed services. The service is priced based on capacity, data transfer and/or services. It provides on-demand storage capacity elasticity and self-provisioning. Stored data exists in a multitenant environment, and users access that data through either the Internet or dedicated network connectivity.

Position and Adoption Speed Justification: Cloud storage is available on a global basis with providers offering a wide breadth of storage services and service-level agreements (SLAs). Services target a wide variety of customers and workloads and are defined by their SLAs, global scale and

Gartner, Inc. | G00263850 Page 81 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

pricing regimes. The evolution of cloud storage is driven by market demand pressure to reduce the total cost of ownership for storage, which is necessitated by the rapid growth of data and the operational costs of maintaining high-growth internal storage infrastructures. Other drivers include requirements to improve organizational responsiveness, to deal with unpredictable workloads and to offer collaborative opportunities. Based on client interactions, U.S.-based data centers are willing to consider public storage, but are still inhibited by a variety of privacy, regulatory, economic, vendor and service provider credibility issues.

Regulatory concerns have contributed to differences in expectations between users in the U.S. and other geographic areas. In the U.S., a handful of larger service providers are solidifying their positions in the market and are continuing to establish their credibility. Other regional markets have been slower to adopt the storage services model, but are expected to quickly move to adoption once more traction is evident for cloud services in the U.S. Enterprise customers are focusing on hybrid solutions that bridge on-premises storage with public services as they test the capability and prove viability of public cloud storage for their use cases. The hybrid architecture allows a stepwise approach to public cloud adoption and is highly dependent on common APIs and the still-evolving cloud storage gateway market.

Gartner expects regions outside the U.S. to follow the same path as the U.S. market, albeit at a much quicker pace. U.S. success stories are undoubtedly reaching other regions, encouraging end users to demand regional support. Gartner expects adoption expansion to continue as costs, legal concerns, security and infrastructure integration issues are sufficiently addressed to reduce the risk of entry by large enterprises. The failure of large storage hardware vendors to offer enabling products that support hybrid infrastructures and the reluctance of IT organizations to use evolving storage service providers limits the growth of the market.

User Advice: Evaluate cloud storage as an alternative for non-mission-critical storage services such as archiving, file sharing and backup. These noncritical use cases provide allowance for shortfalls in SLA compliance by service providers and facilitate expectation setting by clients. Cloud storage can be useful for prestaging data for transient cloud computing IaaS environments that depend on manipulating large amounts of data. Also, consider public cloud storage as an effective solution for providing data and data protection for branch offices and mobile users. For hybrid environments, include on-premises cloud storage gateway appliances that provide cache, data deduplication, thin provisioning, encryption and further security capabilities that will assist with security and latency concerns. When selecting a service provider, due diligence should include an evaluation of the client organization's sensitivities to SLAs compliance, data sovereignty, bandwidth costs, usage rates and disaster recovery requirements. Initially, considerable investments in time and money will be required to integrate cloud storage options into current applications and environments.

Business Impact: The cost and agility expectations set by the public cloud storage vendors are enabling in-house IT operations to change their storage infrastructure management procedures and storage infrastructure strategies. User demands for lower costs, more agility and operations that are more autonomic are also influencing vendor R&D investments and cloud services offerings. Services that have already been influenced by user demands include backup, versioning, encryption and secure erasure. To attract new customers, vendors continue to lower costs and offer a variety of pricing models that allow end users to align their storage costs with their usage rates, with the goal of lowering costs in both the short and long term. Customers must be mindful that, although

Page 82 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

operational costs may move into the cloud, management issues such as chargeback, asset management, billing, security and performance responsibilities remain with the customer.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Emerging

Sample Vendors: Amazon; AT&T; Google; HP; IBM; Microsoft; Rackspace

Recommended Reading:

"Cloud Storage Gateways: Enabling the Hybrid Cloud"

"Hybrid Cloud Storage Can Be an Antidote to Rapid Data Growth"

"How to Calculate the Total Cost of Cloud Storage"

Cloud Office Systems

Analysis by: Tom Austin

Definition: Cloud office systems include creative, collaborative, communication, social, coordination and data services, along with APIs that enable integration with other systems. (In the PC era, many of these were called "personal productivity tools.") Microsoft Office 365 and Google Apps for Business are examples. Most buyers start with a subset that includes email. The broad term "cloud office systems" is a generic label. The term "Microsoft Office" refers to a specific range of products from Microsoft.

Position and Adoption Speed Justification: Microsoft and Google have been investing heavily to attract enterprises to their cloud office systems. In addition, there are many other providers, some with a very broad suite (such as IBM's Smart Cloud for Social Business), and some with more narrowly defined, cloud-based subsystems that are relatively free-standing (such as Huddle) or that integrate with one of the very broad offerings (such as Fujitsu's RunMyProcess).

Cloud office system service providers often make hyperbolic claims of massive wins and enormous momentum but, as is the case in most Hype Cycles, actual penetration trails behind vendors' claims. As of 2Q14, only 10% of users (67 million) in the overall enterprise office market have moved to cloud office systems and most have focused on email, not the broad range of capabilities.

After slow growth from 2007 to 2013, cloud office system adoption is accelerating. It will reach 25% of the market's total potential by the end of 2017, 50% by 2020 and 90% by the market's 20th birthday in 2027.

We predict cloud office system providers will deliver socially savvy virtual personal assistants and other "smart" machine technologies, beginning in 2015 and 2016. (We do not expect market leaders to offer equivalent on-premises capabilities.) These capabilities offer great promise in terms of

Gartner, Inc. | G00263850 Page 83 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

significantly enhancing employees' effectiveness (see "The IT Role in Helping High-Impact Performers Thrive"). If this prediction is correct, the "traditional" benefits and drawbacks of cloud office systems will become less important, but still deserve attention:

■ Benefits include lower net cost (particularly for smaller enterprises); greater agility (via faster availability of new features); lower overheads (by replacing capital investment requirements with operating expenses, smoothing cash flow and cutting dedicated IT resources); easier provisioning; greater reliability and security (particularly for smaller organizations); improved user experience; and financial incentives from the service providers.

■ Drawbacks include loss of control; risk of higher net cost in the long run; priority of other strategic initiatives (office systems have not been at the top of most IT organizations' strategic agendas for decades); compliance and regulatory concerns (which are slowly abating); difficult integration with on-premises systems; and functional deficits or surfeits.

User Advice: IT leaders should:

■ Ignore self-serving vendor migration pressures.

■ Where appropriate, run pilots of multiple cloud office systems that involve your internal customers, not just IT. Pit Google, Microsoft and others (such as IBM) against each other. For enterprises with 10,000 or more potential users, consider exploiting multiple vendors' offerings, if user subsets are cleanly separable. Avoid lock-in wherever possible.

■ Avoid weak decisions. Look for evidence of dramatic improvements in user-job-related effectiveness or substantially tangible cost or risk reductions. "Shelfware" and "futureware" should not count. Fifty gigabytes of free storage are irrelevant if users need only two.

■ Move if there is clear evidence of a need to, a strong sense of urgency and clear commitment. Otherwise, stay put for now — a move to cloud office systems may be financially irreversible. The larger the enterprise, the more difficult it will be to develop a sense of urgency, potentially leading to a loss of opportunity.

Business Impact: Our opinion of the benefits of cloud office systems has evolved over the past 12 months. If, as we expect, providers invest in high-value smart machine capabilities and deliver them only via their cloud-based offerings, cloud office systems could have a high to transformational impact on businesses. Otherwise, cloud office systems' business impact will be moderate to low.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Google; Hancom; Huddle; IBM; Microsoft; salesforce.com; Zoho

Recommended Reading:

"The Cloud E-Mail and Collaboration Services Market"

Page 84 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

"The IT Role in Helping High-Impact Performers Thrive"

"Top 10 Strategic Technologies — The Rise of Smart Machines"

"Predicts 2014: The Emerging Smart Machine Era"

"Google Apps for Business: Leading With Gmail"

"Explore Microsoft's Office 365 Plans and Suite Options Now in Advance of IT Operations Inquiries"

Cloud Computing

Analysis by: David Mitchell Smith

Definition: Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.

Position and Adoption Speed Justification: Cloud computing remains a very visible and hyped term, but, at this point, it is approaching the Trough of Disillusionment. There are many signs of fatigue, rampant cloudwashing and disillusionment (for example, highly visible failures). Cloud computing remains a major force in IT and is still increasing in messages from vendors. Every IT vendor has a cloud strategy, although many aren't cloud-centric and some of their cloud strategies are in name only. Users are changing their buying behaviors, and, although they are unlikely to completely abandon on-premises models or source all complex, mission-critical processes as services through the cloud in the near future, there is a movement toward consuming services in a more cost-effective way and toward enabling capabilities not easily done elsewhere. Much of the focus is on agility, speed and other non-cost-related benefits.

Cloud computing has been, and continues to be, one of the most hyped terms in the history of IT. Its hype transcends the IT industry and has entered popular culture, which has had the effect of increasing hype and confusion around the term. In fact, cloud computing hype is literally "off the charts" as Gartner's Hype Cycle does not measure amplitude of hype (i.e., a heavily hyped term such as cloud computing rises no higher on the Hype Cycle than anything else).

Although the hype has long since peaked, there is still a great deal of hype surrounding cloud computing and its many relatives. Although the Hype Cycle does not measure amplitude, cloud still has more hype than many other technologies that are actually at or near the Peak of Inflated Expectations. Variations, such as private cloud computing and hybrid approaches, compound the hype and reinforce that one dot on a Hype Cycle cannot adequately represent all that is cloud computing.

The hype around cloud computing continues to evolve as the market matures. Initial hype about cost savings has now focused more on the business benefits that organizations would realize due to a shift to cloud computing. While some organizations have realized some cost savings, more and more are focusing on other benefits, such as agility, speed, time to market and innovation.

Gartner, Inc. | G00263850 Page 85 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

User Advice: User organizations must demand road maps for the cloud from their vendors. Users should look at specific usage scenarios and workloads, map their view of the cloud to that of potential providers and focus more on specifics than on general cloud ideas. Understanding the service models involved is key.

Vendor organizations must begin to focus their cloud strategies on more specific scenarios and unify them into high-level messages that encompass the breadth of their offerings. Differentiation in hybrid cloud strategies must be articulated and will be challenging as all are "talking the talk," but many are taking advantage of the even broader leeway afforded by the term. Cloudwashing should be minimized.

Cloud computing involves many components, and some aspects are immature. Care must be taken to assess maturity and assess the risks of deployment. Tools such as cloud service brokerages can help.

As user organizations contemplate the use of cloud computing, they should establish a clear understanding of the expected benefits of a move to the cloud. Likewise, organizations should clearly understand the trade-offs associated with cloud models to reduce the likelihood of failure. Benefits and trade-offs should be well-understood before embarking on a cloud computing strategy.

Business Impact: The cloud computing model is changing the way the IT industry looks at user and vendor relationships. As service provisioning (a critical aspect of cloud computing) grows, vendors must become providers, or partners with service providers, to deliver technologies indirectly to users. User organizations will watch portfolios of owned technologies decline as service portfolios grow. The key activity will be to determine which cloud services will be viable, and when.

Potential benefits of cloud include cost savings and capabilities (including concepts that go by names like agility, time to market and innovation). Organizations should formulate cloud strategies that align business needs with those potential benefits.

Benefit Rating: Transformational

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Amazon; Google; Microsoft; salesforce.com; VMware

Recommended Reading:

"Agenda Overview for Cloud Computing, 2014"

Cloud/Web Platforms

Analysis by: David Mitchell Smith

Page 86 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Definition: Cloud/Web platforms use Web technologies to provide programmatic access (for example, APIs) to functionality on the Web, including storage and computing power. Gartner uses the terms "Web platform" and "cloud platform" interchangeably, as well as the merged term "cloud/Web platforms." These platforms have ecosystems similar to traditional platforms, but the concept originally emerged as a result of market and technology changes collectively known at the time as "Web 2.0." Cloud/Web platforms are all about APIs.

Position and Adoption Speed Justification: The use of cloud/Web platforms is happening first in consumer markets. As further adoption of all the cloud service layers increases, use and maturity will evolve. Enterprise use of Web-based capabilities, such as Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2), is also underway. Furthermore, public APIs are gaining traction and are part of the overall phenomenon now known as the API economy. Cloud/Web platforms are rising beyond the Trough of Disillusionment as APIs themselves become more mainstream.

The cloud/Web platform is not the same as platform as a service (PaaS). According to the National Institute of Standards and Technology (NIST), PaaS refers to the middleware layer in cloud architectures. The cloud/Web platform is broader and employs a more accurate use of the term "platform" as a relative term (see "NIST and Gartner Cloud Approaches Are More Similar Than Different"); in addition, the platform is applicable at all layers of cloud architecture. Gartner's use of the term "cloud/Web platform" predates the PaaS term and current cloud terminology but is consistent with it.

Cloud/Web platforms will serve as broad, general-purpose platforms; however, more specifically, they will support business flexibility and speed requirements by exploiting new and enhanced forms of application development and delivery. Web platforms reuse many of the capabilities and technologies that have been accessible on websites for more than a decade through browsers by adding programmatic access to the underlying global-class capabilities. Reuse is occurring via services/APIs and is being delivered through Web-oriented architecture (WOA) interfaces, such as REST, plain old XML (POX) and JavaScript Object Notation (JSON). These platforms provide programmatic access to cloud computing capabilities. The public API phenomenon has taken WOA beyond consumer markets into enterprise scenarios.

User Advice: Web platforms and related phenomena have affected consumer markets, and enterprises should evaluate this growing space as an appropriate extension to internal computing capabilities. The use of Web platforms drives and is driven by the use of WOA, which enterprises should adopt where appropriate — along with simple interfaces such as REST, POX and JSON (wherever possible) — to exploit the interoperability, reach and real-time agility of the Internet.

Business Impact: Web platforms can be leveraged as part of business solutions and will form much of the basis for the next generation of interest in the virtual enterprise. Web platforms can decrease barriers to entry as well as deliver substantial value for small or midsize businesses that cannot afford to, or choose not to, build and maintain capabilities and infrastructures (examples include Amazon Web Services, salesforce.com's Salesforce1, Google's Compute Platform and Microsoft's Azure). Note that the term "cloud/Web platform" is broader than, and includes multiple

Gartner, Inc. | G00263850 Page 87 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

layers in, cloud computing terminology (for example, infrastructure as a service [IaaS], PaaS and SaaS), and the use of the term "platform" is different from the term "PaaS."

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Amazon; Google; Microsoft; salesforce.com

Recommended Reading:

"Web Platforms Are Coming to an Enterprise Near You"

"NIST and Gartner Cloud Approaches Are More Similar Than Different"

Climbing the Slope

Browser Client OS

Analysis by: Annette Jump

Definition: The increasing focus on Web-based applications has created interest among consumers in a new form of simpler, pared-down OSs targeted at supporting just a Web-based browser and connection to the Internet. In browser client OSs, as all applications are Web-based, many traditional PC OS functions will be missing. While they may provide lower costs and simpler computing, they will have to rely on browser applications being available for most of the tasks required.

Position and Adoption Speed Justification: Ongoing complexity, security and support issues with client OSs, combined with the success of tablets, have resulted in the desire for smaller, simpler OSs. Hardware configurations of those devices are significantly simpler; compared with traditional PCs, the cost is usually lower; and lighter-weight, alternative OSs may provide a better user experience. For example, Google's Chrome OS, is a browser OS. In addition, because Web-based applications continue to become more pervasive, PC applications are also changing. Therefore, a slimmer-client OS will at some point be sufficient for many consumers — and some business users — to run most of the applications they need.

Chrome OS was the first major OS introduced that pioneered support-only Web browsing and browser-based applications. While Chrome OS is based on Linux, it has been reworked to support applications based solely on Web standards. Browser-client OSs has limited momentum, largely due to the success of other lightweight OSs that support rich application experiences. Android on smartphones and tablets, along with iOS on iPhones have attracted huge developer followings and, at least for now, they seem to be more desirable to users than the browser-client OS. However, with the increased marketing efforts by Google since 2013, as well as Google's desire to expand its product portfolio beyond traditional PC form factors, many vendors, such as Samsung, Acer, Lenovo, Dell, HP and Toshiba, launched new Chromebooks during 2013.

Page 88 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

The application ecosystem and application stores will be important in determining whether a browser-OS will be important, or will compete successfully with other thinner/lighter models. However, at present, the application ecosystem has been limited and the general awareness and marketing for them has been poor. Application developers are focusing their attention and time on two well-established ecosystems: iOS and Android, followed by the Windows ecosystem, while Google's Chrome OS is still viewed as being very niche (with only 1% of ultramobiles forecast in 2014 and only 1.3% in 2015).

User Advice:

■ For enterprise and education users:

■ Understand the limitations of these OSs and their associated devices — and plan potential use accordingly.

■ Consider using Chromebooks in the education sector, due to its simplified management requirements; or in a mixed environment for specific vertical usages; or users that mostly rely on cloud-based applications.

■ For device vendors:

■ Current browser-client OSs are unsuitable for the tablet devices category because of its lack of multitouch capabilities. Instead, use Chrome OS on clamshell notebooks and ultramobiles; position them as an alternative to low-cost Android-based tablets.

■ In the short- to midterm, explore opportunities for devices with browser-client OSs among selective educational organizations or companies that look for thinner PC architectures where some of those users are operating predominantly browser-based applications. Remain conservative in your forecasts.

Business Impact: Generally, browser-client OSs tend to suffer when direct comparisons are made with traditional PC OSs. This is because they lack much of the open extensibility, broad device support or the ability to support local rich applications (especially Microsoft Office/Office 365). As such, many consumers may suffer disappointment if the marketing doesn't accurately reflect the appropriate usage models. However, with the emergence of richer Web development environments (most notably, HTML5), much richer applications can be created to satisfy user needs, resulting in browser OSs becoming more competitive within the next three to five years.

During 2013, the browser-client OS gained good market traction among consumers in the U.S., U.K., and from within many education organizations in those countries. The success of a browser- client OS as an enterprise platform will most inevitably take much longer, simply because of application compatibility issues. Enterprises are still concerned that these OSs are too immature and lack sufficient compatibility with current application requirements.

Additionally, it is unclear how OS vendors will evolve these OSs, and the potential exists for interoperability issues. To succeed, browser-client OSs must gain a significant developer following; and consumers and organizations must be willing to eschew the current managed application market that has grown so popular for browser-based applications. The market share of browser

Gartner, Inc. | G00263850 Page 89 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

OSs must grow in the consumer and education segments before they are even to be considered for wider business adoption. Therefore, it is rather unlikely that any browser-client OS will gain any meaningful market share among enterprise PC users as a PC replacement within the next three to five years.

Benefit Rating: Moderate

Market Penetration: 1% to 5% of target audience

Maturity: Early mainstream

Sample Vendors: Google

Enterprise Cloud Email

Analysis by: Matthew W. Cain

Definition: Cloud email is multitenant software-as-a-service email specifically designed for enterprises. Cloud email is a primary component of cloud office systems.

Position and Adoption Speed Justification: Email in the cloud continues to be a hot topic for IT leaders. Almost every organization is contemplating a move to cloud email. We expect about 25% of the enterprise market will use cloud email by the end of 2017, growing to 50% by YE20, and hitting 90% in 2027.

We believe we have moved past the Trough of Disillusionment and are in the early stages of the Slope of Enlightenment. There is no doubt that organizations are still struggling with very long, complex and expensive migrations to the cloud — those will continue throughout the transition to cloud email. But where we are seeing more maturity — after seven years or so of effort — is better vendor support, more support options, better change management processes and better overall operational fitness. For most organizations, reaching a steady state with cloud email can take up to two years — but once in steady state, the overall results are good. Assuming consistent progress, we expect cloud email to reach the Plateau of Productivity in two to three years.

There is a new driver for moving to cloud email. Cloud email will generally be the first to benefit from the application of smart machine technology (virtual personal assistants, for example) to "office work," and these benefits will not similarly accrue to people with on-premises implementations. For example, Google has been offering email prioritization since 2012 and Microsoft recently announced its intent to deliver similar capabilities (called Clutter) exclusively for Office 365. IBM will also be delivering something similar with technology code-named Mail Next. This is the beginning of a major re-engineering of the office and a move from the 20th-century routine-task automation models to 21st-century man-machine collaboration.

User Advice:

■ All organizations should examine cloud email. Special attention should be paid to the migration process, ongoing change-management processes, vendor-supplied support infrastructure, the

Page 90 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

ability to meet custom requirements, the requirements for on-premises support engineers and visibility into operations.

■ Organizations also need to examine where they are in the email cycle: Those that have just gone through a significant version upgrade, or vendor migration, should generally realize more ROI from that change before moving to cloud email. Conversely, companies on the brink of changing email vendors (or undertaking a substantial version upgrade) should look more closely at cloud email services.

■ Companies should also determine internal email costs to ascertain if a move to cloud email makes economic sense.

Business Impact:

■ Organizations with large populations of users that don't rely heavily on email services — such as retail or manufacturing floor workers, data entry clerks or hospitality personnel — can immediately benefit from cloud email services.

■ Small to midsize businesses can achieve significant cost savings. The larger the enterprise, the more likely that it has more complex requirements, which leads to a reduction of economic benefits and/or the inability to meet customization requirements with cloud email.

■ Larger organizations with efficient email operations will probably not be in a position to save on operating costs by moving to cloud email.

Benefit Rating: Moderate

Market Penetration: 5% to 20% of target audience

Maturity: Early mainstream

Sample Vendors: Google; IBM; Microsoft

Recommended Reading:

"The Gartner Position on Cloud Email"

Infrastructure as a Service (IaaS)

Analysis by: Lydia Leong

Definition: IaaS is a standardized, highly automated offering where compute resources, complemented by storage and networking capabilities, are owned by a service provider and offered to the customer on demand. The resources are scalable and elastic in near real time, and are metered by use. Self-service interfaces are exposed directly to the customer, including an API and a GUI. The resources may be single-tenant or multitenant, and are hosted either by the service provider, or on-premises in the customer's data center.

Gartner, Inc. | G00263850 Page 91 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Position and Adoption Speed Justification: In practical terms, IaaS is on-demand computing capacity rented from a service provider. Rather than buying servers and running them within their own data centers, businesses simply rent the necessary infrastructure from a service provider in a shared, scalable, "elastic" way, and access it via the Internet or a private network. In some organizations, IaaS may eventually replace the traditional data center.

Cloud-based compute infrastructure services are now used to address a broad range of use cases. While careful attention still needs to be paid to selecting an appropriate provider, architecture, and security controls — and customers must address governance, risks and regulatory compliance — IaaS is a mainstream technology that can be used to host most workloads, including mission- critical enterprise applications. The best use of IaaS is transformational, where it can offer significant benefits in business agility, operations quality, and cost. However, customers can also successfully use IaaS simply as a form of outsourced virtualization.

IaaS is most often used to improve developer agility, spanning the entire application life cycle from development to production. Many customers use these services as test and development infrastructure for pilot projects, rapid application development environments and formal lab environments. As test and development-specific features and management tools improve, formal development environments will become more common. IaaS can also be used to improve the agility of other technical users, such as scientists and engineers. Batch-oriented, compute-intensive workloads (such as modeling, simulation, scientific computing and one-time processing needs like transcoding) are highly cost-effective in the cloud. Big data use cases are increasingly common.

It is also common to use IaaS to host websites and Web-based applications, especially those that serve a consumer audience via the Internet. IaaS is also frequently used to serve internal applications to users within the enterprise, including hosting applications like Microsoft SharePoint. IaaS may also be used as the back end to a mobile application, such as an iPhone app. These uses of IaaS are convergent with the general Web hosting market and features, and capabilities formerly available only on dedicated hardware are now being extended to shared cloud resources.

These services are maturing and being adopted most quickly in the U.S. Although global demand is robust, including in emerging markets, the growth of the market is slower outside the U.S. due to a number of factors including:

■ Less competition

■ Less mature offerings

■ Fragmentation resulting from regulatory and data-sovereignty requirements

■ The need to keep data and processing in-country

User Advice: Cloud provider capabilities vary significantly, but many offer strong SLAs backed by financial penalties, high levels of security, and solid service and support. Businesses can safely adopt these services. The risks are not significantly greater than other outsourced hosting approaches, assuming the cloud services used match the service-level and security needs of the applications.

Page 92 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Most enterprises have begun to adopt IaaS in a strategic way — and have a broad range of workloads on IaaS, including production applications — but IaaS still represents only a small percentage of their overall workloads. Midmarket businesses have been slower to adopt IaaS, and many are still in the initial stages of adoption, but are more likely to believe that IaaS will replace nearly all of their own data center infrastructure over the next five years. Businesses that have not yet trialed IaaS should consider pilot projects for test and development, compute capacity augmentation, Web content and applications. Successful pilots can be expanded into broader production use.

Both public multitenant and private single-tenant offerings are available, but the distinction between public and private cloud IaaS is blurring. The most cost-effective clouds are highly standardized and use a shared capacity pool. Hybrid public/private cloud offerings — enabling "cloud bursting" for on-demand capacity and business continuity — currently exist but the technology will not be mature until at least 2016.

This market is evolving extremely quickly, so the suitability of these services should be re-evaluated at least once every six months.

Business Impact: Cloud compute infrastructure services will be broadly advantageous to IT organizations. The cost benefits, driven primarily by automation, will be particularly significant for small and midsize businesses. Larger enterprises will benefit primarily from greater flexibility and agility, rather than direct cost reduction.

In the short term, the benefits will be driven primarily by rapid provisioning that requires minimal manual intervention. Over the longer term, more system management tasks will be automated, leading to more efficient infrastructure management. Organizations that simply "lift and shift" workloads to the cloud will reap limited cost and efficiency benefits compared to those who use IaaS as a way to drive IT transformation.

The metered-by-use attribute of these services will result in more efficient use of capacity and their self-service nature will empower employees outside of IT operations, improving developer productivity and making it easier for business buyers to obtain infrastructure.

Benefit Rating: High

Market Penetration: 5% to 20% of target audience

Maturity: Adolescent

Sample Vendors: Amazon Web Services; CenturyLink; CSC; Microsoft (Azure); Rackspace; Verizon Terremark

Integration Brokerage

Analysis by: Benoit J. Lheureux

Gartner, Inc. | G00263850 Page 93 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Definition: Gartner defines integration brokerage (IB) — often referred to as "EDI managed services" or "B2B integration outsourcing" — as a category of IT outsourcing for application and data integration projects. Defining characteristics of IB include multienterprise integration project implementation and managed services; a B2B network providing multilateral communication between a consolidated community of external business partners; and a scalable, cloud-based infrastructure that provides secure communications, data transformation, governance, etc.

Position and Adoption Speed Justification: Despite viable alternatives to IB, such as integration software or iPaaS, over 1 million companies worldwide leverage IB, and providers report robust (typically exceeding 10%) year-to-year growth in the number of companies connected to and transacting on their networks — see "Magic Quadrant for Integration Brokerage." While most integration projects today have a center of gravity in North America or Western Europe, there is rapid adoption in Latin America (driven, in part, by e-invoicing government mandates) and the Asia/ Pacific region (driven, in part, by IT modernization projects), which makes IB adoption a global phenomenon. This is consistent with the macro business trend to outsource noncore competencies and the worldwide increase in cloud adoption and growing utilization of cloud services brokerages to facilitate cloud consumption (see "Forecast: Public Cloud Services Brokerage, 3Q13"). In particular, companies worldwide spend approximately $1.5 billion on IB, and that spending is estimated to grow at a 15% compound annual growth rate (CAGR) over the next few years (see "Competitive Landscape: Integration Brokerage").

The most predominant adoption scenario for IB (and largest source of spend on IB) is still for some form of e-commerce-related supply chain integration, simply because connecting dozens, hundreds or even thousands of companies requires a lot of effort relative to more-limited-scope cloud services integration projects that involve a few cloud and on-premises application endpoints. However, we are seeing a rapid acceleration of IB adoption for IT project scenarios involving CSB, cloud services (typically SaaS) integration, and enterprise APIs.

This year, IB has moved a bit further along the Slope of Enlightenment as traditional supply chain projects merge with cloud services integration projects, and vice versa. Macro IT outsourcing and cloud adoption are key drivers, as is the increasing maturity of providers of IT. This is also because companies that are involved in complex supply chains are beginning to implement their supply chain software in the cloud as SaaS rather than using on-premises application software at the same time that companies that are implementing SaaS projects are beginning to integrate that functionality — whatever it is — with external business partners.

User Advice: Prior to signing an agreement, consider leveraging "Toolkit: RFP Template for Integration Brokerage" — it includes a template for a Microsoft Word-based RFP document, and for an Excel-based vendor evaluation spreadsheet. Understand your IB project requirements so you can negotiate a solid agreement that, at a minimum, addresses:

■ Your complete list of trading partners (sorted by strategic importance and country)

■ What maps for translation must be developed (for all inbound and outbound traffic)

■ Key application and data interfaces and reliability and performance milestones (e.g., for application, mobile and SaaS APIs)

Page 94 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Clearly defined key milestones and delivery dates (i.e., SLAs for clear escalation procedures, what must be done and by when) — this is extraordinarily important

■ A few fine-grained proof-of-concept deliverables to demonstrate early IB project "wins"

■ Reporting and governance (who is responsible for what tasks and how those tasks are tracked)

■ A clear understanding of the role you will retain (i.e., what you will do) — and the role you are willing to outsource (i.e., what the provider will do) — for initial integration project implementation and ongoing project management

■ Articulating what a successful project outcome means to your business (and the impact, if not successful)

After you've signed an agreement:

■ Establish your provider as a strategic partner in the successful outcome of your project.

■ Meet regularly with your provider to monitor the quality and timeliness of key IB project milestones.

■ If expectations are not met, work with your provider early on to jointly establish the root cause, then jointly work together (and be willing to improvise) to improve outcomes.

■ If expectations are still not being met, escalate — sometimes executive involvement can help.

Business Impact: IB usage and adoption scenarios vary widely and include:

■ Traditional e-commerce supply chain integration

■ Cloud services brokerage-related integration projects

■ Publishing and consuming enterprise APIs

■ Projects involving data synchronization

■ Managed file transfer (i.e., for heavy-lifting file/data movement)

■ Application infrastructure consolidation/modernization projects

■ Multinational e-invoicing projects, particularly in Europe and Latin America

■ Internal (A2A) integration projects, particularly when IT resources are scarce

■ Small to midsize integration projects — particularly those that involve SaaS

Although many companies still implement and then manage their own integration projects, the alternative of IB offers potential benefits for almost all firms, small, midsize or large, across all industries and geographies. This is because SaaS and B2B integration projects are relatively easy to segregate and outsource, and because IB providers offer a viable and cost-effective alternative to implementing such projects in-house. The impact of IB will continue to be substantial, and most midsize and large companies likely will still outsource at least some of their multienterprise integration and cloud services integration projects because they simply don't have the scale to keep

Gartner, Inc. | G00263850 Page 95 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

or expand internal integration skills. Through 2017, the complexity and high maintenance cost of internally developed B2B integration projects will drive companies worldwide to outsource 20% to 30% of these projects to providers of IB.

Benefit Rating: Moderate

Market Penetration: 20% to 50% of target audience

Maturity: Early mainstream

Sample Vendors: Accenture; Appirio; Bluewolf; Capgemini; Celigo; Cloud Sherpas; Comarch; Deloitte; eBuilder; eZCom Software; E2open; Edicom; Elemica; Exostar; HP; IBM; Infosys; Liaison Technologies; NeoGrid; OmPrompt; OpenText (GXS); RedTail Solutions; Seeburger; Software AG (LongJump); SPS Commerce; Tie Kinetix; Tieto; Wesupply; Wipro

Recommended Reading:

"Integration Brokerage Offers Intermediation for Cloud Services Brokerage and B2B E-Commerce"

"Competitive Landscape: Integration Brokerage"

"Devise a Systematic API Management and Governance Strategy for Long-Term CSB Success"

"Integration Brokerage Solution Patterns Address Many Integration Problems"

"Toolkit: RFP Template for Integration Brokerage"

Software as a Service (SaaS)

Analysis by: Robert P. Desisto

Definition: SaaS is the application services layer within cloud computing. The application software is owned, delivered and managed remotely by one or more providers. The provider delivers an application based on uniform application definition on a sharing model at one or more layers of the application stack. SaaS is purchased on a pay-for-use basis or as a subscription based on usage metrics.

Position and Adoption Speed Justification: The purpose of the SaaS positioning on the Hype Cycle is to provide an aggregate view of the state of SaaS in the context of cloud computing. The SaaS positioning reflects the maturity of SaaS in the context of leveraging the cloud computing infrastructure. Because different software applications using SaaS would be placed on different points on a Hype Cycle, due to continued acceleration of SaaS applications in the market, the SaaS profile has continued its movement on the Hype Cycle to preplateau 45%.

User Advice: Companies with complex requirements should not assume they will significantly lower their total cost of ownership or reduce complexity by moving to SaaS. Companies with tight capital budgets or departments with no capital budgets, those that are IT-resource-constrained and those that want to get something simple deployed quickly should consider SaaS. Even if one or more criteria involved in considering SaaS are not met (see "The Right Definition of SaaS Will Reduce Its

Page 96 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Business Value Uncertainties"), a SaaS solution still may be best for a company. However, as with any product, a company should evaluate the functional capabilities of the SaaS offering to meet the company's specific requirements.

Business Impact: SaaS has the effect of lowering expenses for the first two years, because it does not require an upfront capital investment. However, in subsequent years, SaaS may become more expensive, because the operating expense does not decrease. SaaS is also helpful to companies that do not have the IT resources to deploy and maintain on-premises software. This is prevalent in small and midsize businesses, as well as large businesses that have experienced downsizing in the IT department. SaaS will enable companies or business departments get to live-deployment status more quickly, especially when deploying applications with less complexity. On an ongoing basis, SaaS provides more agility for making configuration changes for users.

Benefit Rating: Moderate

Market Penetration: More than 50% of target audience

Maturity: Early mainstream

Sample Vendors: Concur; Microsoft; NetSuite; Oracle; salesforce.com; SAP; Workday

Recommended Reading:

"How to Ease the Planning, Sourcing and Implementation of SaaS Projects"

"The Right Definition of SaaS Will Reduce Its Business Value Uncertainties"

Sales Force Automation SaaS

Analysis by: Robert P. Desisto

Definition: Sales force automation (SFA) applications provide capabilities focusing on the external aspects (customer/prospect) of sales on accounts, contacts, opportunities, marketing and selling processes. SFA SaaS is application software owned, delivered and managed remotely by one or more providers. The provider delivers an application based on a single set of common code and data definitions that is consumed in a one-to-many model by all contracted customers at any time on a pay-for-use basis, or as a subscription based on usage metrics.

Position and Adoption Speed Justification: SFA SaaS is more than 14 years old. Every vendor who is in our 2014 SFA Magic Quadrant either has a SaaS offering or will have one in 2014. All market segments, from small to large, have validated its use, and users have a better expectation of the benefits and costs associated with SFA SaaS. IT departments continue to be more engaged in purchasing decisions and are becoming more involved in vendor evaluations, placing higher scrutiny on the on-demand provider's data center operations, upgrade practices and SLAs.

User Advice: Sales organizations with complex requirements (such as significant process automation outside of opportunity management and complex real-time integration) should not

Gartner, Inc. | G00263850 Page 97 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

assume that they will significantly lower their total cost of ownership simply by moving to SaaS. Companies with tight capital budgets, those that are IT-resource-constrained and enterprises that want to get something simple deployed quickly should consider SFA SaaS. Even if one or more of the three elements involved in considering SFA SaaS is not relevant, a SaaS solution still may be best for a company. However, as with any product, the sales organization should evaluate the functional capabilities of SFA SaaS offerings to meet the company's specific requirements. Sales organizations should also conduct careful planning around integration needs to support more expansive processes, such as order to cash.

Business Impact: The primary business effect of SFA SaaS involves the capabilities that manage accounts, contacts, opportunities and sales pipelines. Sales organizations gain greater visibility, sales process formalization and help with bottom-up forecasting.

Benefit Rating: Moderate

Market Penetration: 20% to 50% of target audience

Maturity: Mature mainstream

Sample Vendors: Aptean; B-kin; CRMnext; Microsoft; NetSuite; Oracle; salesforce.com; Sage North America; Soffront Software; SugarCRM; Swiftpage; Tour de Force CRM; Zoho

Recommended Reading:

"Evaluate the Impact of Sales Force Automation Functionality"

"The Top Three Impacts of Cloud Computing on Sales and Business Applications"

Virtualization

Analysis by: Thomas J. Bittman; Philip Dawson; Naveen Mishra

Definition: Virtualization is the abstraction of IT resources that masks the physical nature and boundaries of those resources from resource users. An IT resource can be a server, a client, storage, networks, applications or OSs. Essentially, any IT building block can potentially be abstracted from resource users.

Position and Adoption Speed Justification: Abstraction enables better flexibility in how different parts of an IT stack are delivered, thus enabling better efficiency (through consolidation or variable usage) and mobility (shifting which resources are used behind the abstraction interface), and even alternative sourcing (shifting the service provider behind the abstraction interface, such as in cloud computing). A key to virtualization is being able to effectively describe what is required from the resource in an independent, abstracted and standardized manner. In essence, cloud computing is about abstracting service implementation away from the consumers of the services by using service-based interfaces (that is, the interface for cloud computing services is about virtualization — an abstraction interface). To a provider, virtualization creates the flexibility to deliver resources to meet service needs in a very agile, elastic, rapidly changing manner. The tools that make that happen could be virtual machines, virtual LANs (VLANs) or grid/parallel programming. Virtualization

Page 98 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

is also synonymous with software-defined anything (SDx); although these are similar approaches, they differ in that SDx consolidation and abstraction may be done elsewhere in software (such as in a DBMS or application server), not the virtualization software (such as a hypervisor).

Virtualization is not simply one technology; rather, it is many technologies that are all evolving at different rates. Virtual machines for servers, for example, were introduced on the mainframe more than 30 years ago. However, virtual machines for x86 architecture servers were introduced in 2001 and, today, are used for more than 70% of all x86 architecture workloads. Storage virtualization is relatively mature within storage vendor offerings; originally in homogeneous forms only, there are a growing number of heterogeneous offerings. Networking is extremely mature in terms of virtualization. There are many forms of virtualization, and the challenge is choosing which form to use. For example, server virtualization tools tend to dictate how storage and networking will be virtualized. Abstracting a resource usually means commoditizing it. Vendors will not promote an abstraction technology that hides their differentiation, and thus will promote their own virtualization technologies. There are many technologies and many competing solutions, and not all the technologies are mature yet.

User Advice: The virtualization trend has caused huge turmoil among vendors, threatening commoditization status and removing the vendor's ability to differentiate and influence buyers. Vendors are focusing on competing for ownership of the virtualization layers, and the management/ automation tools that work with those virtualization layers. Be cautious about vendors that promote one technology to virtualize everything. Different technologies will be appropriate for different situations. Be cautious about vendors that promote one technology to manage everything. In the end, architectures will include many different virtualization layers, with many different management mechanisms. Effective tools will work with those various management mechanisms, rather than replace them.

Virtualization is about much more than technology architecture; it also causes cultural and political change. Virtualization projects, therefore, need strong executive support to drive those changes. Finally, virtualization requires processes and management tools to fundamentally change how they work. Processes need to account for speed, agility and granularity, which are very different in virtualized environments. At the highest level, management tools need to shift from managing vertical, tightly integrated silos into managing horizontal resource pools to meet service needs (leading to new architectures, such as fabric-based infrastructures). Virtualization projects that don't have effective management strategies will fail.

Business Impact: Virtualization makes it easier for IT to deliver IT capabilities faster, to have a lower barrier to access IT capabilities, and to deliver exactly the right amount of resources needed — no more and no less. This puts more pressure (and opportunity) on the user to use IT efficiently, and to make good business decisions about the use of IT. As an IT catalyst, virtualization can help a business adjust to changing market trends faster than before, transforming the business and its use of IT. However, a solution used badly can also cause a business to "slip and fall," negatively affecting business performance.

Virtualization starts to change the relationship between the enterprise and IT based more on service levels, and is tracked and perhaps paid for based on usage (that is, not simply as a cost center, but

Gartner, Inc. | G00263850 Page 99 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

as an investment). In many cases, business units will need to adjust to leverage the speed and granularity that virtualization provides (for example, virtual machines can be deployed roughly 30 times faster than physical servers, which have a tendency to double demand for servers). That includes making good decisions about how many resources to ask for and taking advantage of speed to deploy IT-based solutions much faster to meet the business's needs. Part of an effective virtualization deployment requires good usage metering, showback and, where politically feasible, chargeback to treat this more-fluid IT resource as any other business. This also helps differentiate from SDx, where metering and showback are not mandatory but of course desirable.

Benefit Rating: Transformational

Market Penetration: More than 50% of target audience

Maturity: Mature mainstream

Sample Vendors: Cisco; Citrix; EMC; HP; IBM; Microsoft; NetApp; Oracle; Parallels; Red Hat; VMware

Recommended Reading:

"How to Choose Between Hyper-V and vSphere"

"IT Market Clock for Server Virtualization and Operating Environments, 2013"

"Magic Quadrant for x86 Server Virtualization Infrastructure"

Appendixes

Page 100 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Figure 3. Hype Cycle for Cloud Computing, 2013

Innovation Trigger

Peak of Inflated

Expectations

Trough of Disillusionment Slope of Enlightenment

Plateau of Productivity

time

expectations

Plateau will be reached in:

less than 2 years 2 to 5 years 5 to 10 years more than 10 years obsolete before plateau

As of July 2013

DevOps

Private PaaS

Cloudbursting IaaS+

Cloud Application Development Services

BPaaS

Hybrid Cloud Computing

Cloud Services Brokerage

Cloud Management Platforms

Platform as a Service (PaaS)

Private Cloud Computing Application PaaS (aPaaS)

Big Data

Enterprise Cloud Email

Elastic Multitenancy

Database Platform as a Service (dbPaaS)

Real-Time Infrastructure

Public Cloud Storage

Browser Client OS

Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Cloud Advertising

Cloud MDM Hub Services

Hybrid IT Cloud API Management

Personal Cloud

Cloud Office Systems

Cloud/Web Platforms

Sales Force Automation SaaS

Virtualization

Cloud IMDG Services

Cloud Security Frameworks

Community Cloud Integration PaaS (iPaaS)

Open-Source Cloud Management Platforms

Cloud BPM

Cloud Computing

Business Analytics PaaS (baPaaS)

Software-Defined Anything

Cloud Business

Private IaaS Cloud-Based Security Services

Source: Gartner (July 2013)

Gartner, Inc. | G00263850 Page 101 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Hype Cycle Phases, Benefit Ratings and Maturity Levels

Table 1. Hype Cycle Phases

Phase Definition

Innovation Trigger A breakthrough, public demonstration, product launch or other event generates significant press and industry interest.

Peak of Inflated Expectations

During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized activity by technology leaders results in some successes, but more failures, as the technology is pushed to its limits. The only enterprises making money are conference organizers and magazine publishers.

Trough of Disillusionment

Because the technology does not live up to its overinflated expectations, it rapidly becomes unfashionable. Media interest wanes, except for a few cautionary tales.

Slope of Enlightenment

Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology's applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process.

Plateau of Productivity The real-world benefits of the technology are demonstrated and accepted. Tools and methodologies are increasingly stable as they enter their second and third generations. Growing numbers of organizations feel comfortable with the reduced level of risk; the rapid growth phase of adoption begins. Approximately 20% of the technology's target audience has adopted or is adopting the technology as it enters this phase.

Years to Mainstream Adoption

The time required for the technology to reach the Plateau of Productivity.

Source: Gartner (July 2014)

Table 2. Benefit Ratings

Benefit Rating Definition

Transformational Enables new ways of doing business across industries that will result in major shifts in industry dynamics

High Enables new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise

Moderate Provides incremental improvements to established processes that will result in increased revenue or cost savings for an enterprise

Low Slightly improves processes (for example, improved user experience) that will be difficult to translate into increased revenue or cost savings

Source: Gartner (July 2014)

Page 102 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

Table 3. Maturity Levels

Maturity Level Status Products/Vendors

Embryonic ■ In labs ■ None

Emerging ■ Commercialization by vendors

■ Pilots and deployments by industry leaders

■ First generation

■ High price

■ Much customization

Adolescent ■ Maturing technology capabilities and process understanding

■ Uptake beyond early adopters

■ Second generation

■ Less customization

Early mainstream

■ Proven technology

■ Vendors, technology and adoption rapidly evolving

■ Third generation

■ More out of box

■ Methodologies

Mature mainstream

■ Robust technology

■ Not much evolution in vendors or technology

■ Several dominant vendors

Legacy ■ Not appropriate for new developments

■ Cost of migration constrains replacement

■ Maintenance revenue focus

Obsolete ■ Rarely used ■ Used/resale market only

Source: Gartner (July 2014)

Gartner Recommended Reading Some documents may not be available as part of your current Gartner subscription.

"Understanding Gartner's Hype Cycles"

"The What, Why and When of Cloud Computing"

"Agenda Overview for Cloud Computing, 2014"

More on This Topic

This is part of two in-depth collections of research. See the collections:

Gartner, Inc. | G00263850 Page 103 of 105

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

■ Research Roundup for Cloud Computing Foundational Research

■ Gartner's Hype Cycle Special Report for 2014

Page 104 of 105 Gartner, Inc. | G00263850

This research note is restricted to the personal use of [email protected]

This research note is restricted to the personal use of [email protected]

GARTNER HEADQUARTERS

Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096

Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM

For a complete list of worldwide locations, visit http://www.gartner.com/technology/about.jsp

© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.”

Gartner, Inc. | G00263850 Page 105 of 105

  • Analysis
    • What You Need to Know
    • The Hype Cycle
    • The Priority Matrix
    • Off the Hype Cycle
    • On the Rise
      • Web-Scale Architecture
      • Cloud Integrated Infrastructure Services (CIIS)
      • Cloud MDM Hub Services
      • Specialist Cloud Service Brokerages
      • Cloud/Client Computing
      • Software-Defined Anything
      • Customization Brokerage
      • Cloud IMDG Services
      • DevOps
      • Container Frameworks
      • Internal CSB
    • At the Peak
      • Hybrid IT
      • Private PaaS
      • Cloud API Management
      • Cloud Security Standards
      • ADLM PaaS
      • Enterprise Integration PaaS (iPaaS)
      • Cloud Management Platforms
      • Cloudbursting
      • Platform as a Service (PaaS)
      • Cloud Service Brokerage
    • Sliding Into the Trough
      • Application PaaS (aPaaS)
      • Big Data
      • Cloud BPM
      • Cloud Testing Tools and Service
      • Database Platform as a Service
      • Hybrid Cloud Computing
      • IaaS+
      • Personal Cloud
      • Private Cloud Computing
      • Private IaaS
      • Cloud-Based Security Services
      • Real-Time Infrastructure
      • Public Cloud Storage
      • Cloud Office Systems
      • Cloud Computing
      • Cloud/Web Platforms
    • Climbing the Slope
      • Browser Client OS
      • Enterprise Cloud Email
      • Infrastructure as a Service (IaaS)
      • Integration Brokerage
      • Software as a Service (SaaS)
      • Sales Force Automation SaaS
      • Virtualization
    • Appendixes
      • Hype Cycle Phases, Benefit Ratings and Maturity Levels
  • Gartner Recommended Reading
  • List of Tables
    • Table 1. Hype Cycle Phases
    • Table 2. Benefit Ratings
    • Table 3. Maturity Levels
  • List of Figures
    • Figure 1. Hype Cycle for Cloud Computing, 2014
    • Figure 2. Priority Matrix for Cloud Computing, 2014
    • Figure 3. Hype Cycle for Cloud Computing, 2013