Cloud computing requires independent service controls
TMT Predictions 2017: IT as a Service
Traditionally, enterprises owned IT and telecom hardware and services, either on premise or hosted. But the abundance of IT, commoditizing and permeating into everything that we do, is boosting the flexible consumption model such as IT-as-a-Service. Cloud models are forecasted to account for more than half of IT spending by 2022. But how can companies meet their critical requirements for security, privacy and compliance in the cloud, especially when private or inherent controls are absent?
From Application-as-a-Service to IT-as-a-Service
The concept of IT-as-a-Service (ITaaS), which is one of the topics of our TMT Predictions 2017, can easily be misinterpreted as yet another flexible consumption model similar to what we have seen before since the introduction of the ASP model (Application-as-a-Service) around the turn of the millennium*. The subscription based IT consumption model was more successfully followed by the Infrastructure-as-a-Service (IaaS), Platform-as-a-service (PaaS) and Software-as-a-Service (SaaS). Though clearly defined conceptually, the ASP definition was deliberately abandoned having failed to live up to its promise of on demand IT application delivery. This failure is essentially due to being overhyped and launched too early as essential components such as network bandwidth, architecture and availability or uptime reliability were absent or not mature enough. With these obstacles now overcome, cloud computing has seen immense growth and massive adoption across all types of industries and IT services.
However, despite the more business oriented nature of today’s cloud computing service models, IaaS, PaaS, and to a lesser degree SaaS are still rather technically defined. They are all focused on their own specific benefits and performance KPI’s rather than business outcomes as a whole. In addition, elements such as private and public cloud deployments further obscure the subscription based delivery objectives.
In this respect, ITaaS brings a significant difference. With its specific focus on business use such as predictable expenses and continuous service monitoring, it is a service model that overarches all other service models. It is not concerned with technical or infrastructural features but takes a more abstract view, looking at IT from a business objectives viewpoint. This is a definite improvement over the limited technical view of the flexible consumption models it is replacing. No wonder ITaaS is growing fast. In the Technology, Media and Telecommunications Predictions 2017 report, Deloitte Global forecasts that by the end of 2018, spending on IT-as-a-service for data centers, software and services will be just under 550 billion worldwide**.
Security, privacy and compliance
Historically, enterprises owned (bought, rented of leased) IT and telecom hardware, also known as ‘on premise solutions’. Flexible consumption reverses that model completely, with every aspect of IT now available on a ‘you only pay for what you need & use’ basis. This flexibility does not only work for laptop computers or data centers and so on, but also for services to secure the company. Besides cost and control requirements, security and privacy are two of the major adoption considerations to consume IT from the cloud. Security, privacy and also compliance requirements are – and have been – critical across all flexible delivery models. Specifically ITaaS, given the absence of private or inherent controls in this supplier model as well as the dependence on abstract provider specifications and service levels.
Since a growing number of companies obtaining their IT services from an external source lack the expertise necessary for assessing these services, an independent risk management and assurance approach is a fundamental governance element. The distinct focus on business needs and flexible consumption in the ITaaS model increases the abstraction level even more, compared to the other as-a-service models. This intensifies the need for independent security, privacy and compliance controls such as Monitoring, Treat Intelligence or managed Privacy Services.
These services can also be consumed on a per need and subscription basis. In other words, they themselves take the form of IT-as-a-Service. Hacking-as-a-Service is a typical example of an ITaaS solution which provides an independent security services assessment for provided IT services. Not by focusing solely on specific tooling or techniques; it is aligned to the business and assurance need which arises with the IT being delivered in a service consumption model. It is delivered regardless of infrastructure, on-site or off-site and product agnostic, independently assessing the security status across applications and infrastructure, at the moment it is required. HaaS is aligned to business IT development and release cycles and based on expert knowledge, independent of infrastructure location or platform, infrastructure, software or technical specifications such as multitenancy.
This is only one of the ITaaS examples of how companies can meet their critical requirements for security in the cloud. With the prediction that in 2018 the spending on IT-as-a-service for data centers, software and services will be just under 550 billion worldwide, an independent risk management and assurance approach is definitely something worth considering.
Would you like to have more information about IT as a Service or the TMT Predictions? Please contact Kees Plas or Patrick Steemers through the contact details below.