The climactic scene in the movie A Few Good Men is a dramatic courtroom confrontation between Tom Cruise and Jack Nicholson. Cruise, playing the role of a Navy lawyer, is aggressively challenging Nicholson, playing the role of a Marine Corps colonel, about his role in the death of a Marine private. Their courtroom exchange is eerily similar to the discussions that are currently taking place between the providers and consumers of cloud computing capabilities (hopefully, with a little less dramatic embellishment!). If you'll pardon the artistic license, those exchanges go something like this:

Cloud Vendor: You want answers?
Cloud Customer: I think I'm entitled to answers.
Cloud Vendor (with feeling): YOU WANT ANSWERS??
Cloud Customer (with more feeling): I WANT THE TRUTH!!

At this point many vendors are thinking to themselves the retort that Nicholson delivers in the movie, namely: YOU CAN'T HANDLE THE TRUTH!!!

Although most IT organizations are seeking ways to realize the benefits of cloud computing, most are poorly prepared to adopt the changes to procurement practices, operational procedures, and organizational structures that are truly required. Cloud computing provides businesses with new ways of virtualizing their business application portfolios, virtualizing and pooling their IT infrastructure assets, and gaining virtual access to highly scalable computing resources on an as-needed basis. Companies will find it difficult to realize gains in business agility and cost efficiency afforded by these new capabilities if they cannot overcome the following issues.

The Truth About Cloud
As a CIO, you and your organization will struggle to achieve the benefits of cloud computing if:

You don't have a robust, single sign-on security architecture that can be easily replicated and extended to cover both "on-premise" and "off-premise" applications

Users of SaaS (Software as a Service) applications don't want to manage multiple authentication procedures to gain access to the tools they need to perform their jobs. As smartphones and tablet computers become more ubiquitous in the workplace, conventional VPN solutions for enabling secure access to SaaS tools are being viewed as increasingly cumbersome and anachronistic. Users want to be directly URL-enabled to gain access to their business applications through a wide variety of devices, increasing the need for robust and extendable security architectures.

You have failed to develop strong SOA competencies in the past

SaaS applications present a wide variety of data integration challenges. Invariably, they need to exchange data with corporate databases within the corporate firewall, other "on-premise" applications, and other SaaS products. Moving data among these different entities with the appropriate synchronization and ETL procedures can be quite challenging. It's not advisable to be expanding your SOA and SaaS management skills at the same time. Hopefully you have the SOA sophistication required to manage the integration of SaaS products into your pre-existing application and database ecosystem.

You don't proactively monitor the global user experience of your existing "on-premise" applications

How will you ever be able to manage the performance of your SaaS providers if you don't proactively monitor the availability, response times, and integrity of their services from all of your major operating locations? If you are not proactively monitoring the quality of the services they are delivering, you are implicitly relying on your users to detect and report performance issues. At best, that's a fairly random and inconsistent process. At worst, it's a tremendous inconvenience to impose on your users and will invariably result in longer recovery times in the event of a problem or failure. If you are not already performing this type of surveillance on your existing applications, you will be challenged to develop such competencies as your SaaS portfolio expands.

You don't fully incorporate SaaS applications in your Disaster Recovery (DR) plans

DR planners are typically thrilled to learn that their company plans to expand the use of SaaS applications. They think that a "SaaS-first" strategy will reduce the scope of their responsibilities since the infrastructure supporting SaaS tools is no longer owned or operated by their organization. Although there's a certain logic to that perspective, the truth is that SaaS applications are inextricably linked to the security applications, corporate databases, and "on-premise" applications that must have formal DR protection plans. If those plans fail in whole or in part, they may compromise access to SaaS applications or the integrity of the data being delivered by SaaS applications.

Your internal business clients and functional groups think that they own the hardware in the data center

Private clouds are constructed by virtualizing all components of your operating infrastructure (i.e., servers, storage, and networks), pooling capacity, and allocating capacity in a dynamic fashion to satisfy the ever-changing needs of your business. The financial benefit of private cloud computing is the ability to optimize capacity utilization of the overall pool, instead of optimizing the utilization of individual clusters of assets. If your corporate finance group thinks they need to be consulted before you start virtualizing the servers hosting their applications or co-locating their applications on servers being used by other departments, you've got some significant political issues to overcome before you will realize tangible business benefits through virtualization.

Your storage and network teams think that cloud computing is an exercise in server virtualization

Storage, network, and server engineers need to stop trying to optimize the availability, performance, utilization, and scalability of their individual technologies. Instead, they need to transform themselves into infrastructure engineers that understand how their technologies work together to deliver services to end users. With this understanding, they need to optimize the effectiveness and resiliency of the integrated technology stack that is being used to support individual business applications. Server, storage, and network technologies are converging faster than the skills, job descriptions, and organizational structures we use to manage them. If the engineering and operations teams managing these technologies are in a state of denial about the technology convergence that is happening around them, you're not ready for the cloud.

You are unable to standardize on a limited number of technology architectures to support the majority of your development, test, and production requirements

Technology diversity in the data center will stymie the most well intended and enthusiastic efforts to construct a private cloud. Optimizing the performance and utilization of pooled resources requires the ability to move workloads across those resources and reassign the resources when they are no longer needed. The lethal efficiencies in provisioning times, availability, response times, and capacity utilization that cloud computing can deliver in principle will not be realized in practice if every application team requires a unique combination of app/web/DB server platforms, storage-tiering solutions, and network bandwidth. Standardization of software utilities, DBMSes, and patch levels above the OS layer is also required to deliver functional environments to application dev/test teams on a self-serve basis. One of the abiding IT principles that must be continually relearned by successive generations of IT practitioners is that standardization is the key to affordability, and affordability is the key to business agility. Technology standardization initiatives should precede any and all private cloud computing initiatives.

You are unable to procure infrastructure capacity in advance of demand

If your current procurement procedures require incremental investments in infrastructure capacity to be justified on a project-by-project basis, you'll find it difficult (if not impossible) to maintain the surplus capacity in the server farms, storage pools, and network circuits that are required to optimize the overall performance of your private cloud. CIOs require a rechargeable "debit card" from their CFOs that will enable them to procure capacity in advance of demand to achieve higher levels of overall asset utilization. Surplus capacity is also needed to assure users that their future needs will not be compromised if they return assets to the global pool when no longer needed. Traditional project-based procurement policies were initially designed to deliver hardware to users on an "as-needed" basis. Ironically they have had just the opposite effect, requiring tortuously long lead times to move from purchase order approval to hardware availability. "Debit card" procurement practices will enable the just-in-time access to internal computing resources that users have sought for a long, long time.

You don't currently monitor or manage utilization of existing assets

As indicated above, the principal financial justification for adopting a cloud computing framework is the ability to achieve a greater return on infrastructure investments through improvements in capacity utilization. Mainframe-based IT shops closely monitor the utilization of their mainframe resources because they are so expensive. Mainframe utilization levels of 90%+ are standard in most IT shops during prime shift; many operate at even higher levels. The capacity utilization of distributed computing environments receives much less attention because incremental capacity can be procured at modest expense in response to individual user requests. Server and storage virtualization has made capacity management relevant again within distributed environments.

If you don't already have rigorous practices for monitoring, reporting, and managing the utilization of distributed computing resources, you will be poorly prepared to quantify the financial benefits achieved through cloud computing. If you don't know the utilization levels of your internal resources, how will you decide when it's cost effective to employ public cloud providers to satisfy spikes in demand? Inability to quantify improvements in capacity utilization and translate those improvements into financial terms will likely undermine the overall sustainability of any cloud initiative.

Epilogue
As Tom Cruise persists in his questioning of Jack Nicholson, Nicholson emphatically declares, "I have a greater responsibility than you can possibly fathom!" Exercising artistic license once again, I would argue that IT professionals have greater opportunities today than most can possibly fathom. IT workforces in North America were virtualized 10 years ago through Y2K initiatives that enlisted the aid of IT professionals from around the world. SaaS adoption is well underway, with the bellwether of the industry, Salesforce.com, having exceeded $1B in annual revenues. Amazon has served as the pathfinder in providing virtual access to scalable computing resources on demand, and their success has given rise to a variety of competing public cloud providers. We have reached a seminal convergence of trends within the IT industry, in which our professional workforces, application portfolios, and underlying infrastructures can all be virtualized to varying degrees. Every commercial company is seeking to leverage these trends to reduce cost and increase agility. To succeed, most will be forced to confront and overcome the challenges outlined above. And that's the truth!