Cloud computing is supposed to be ‘totally self-service’, or so the naïve reading of the standard NIST definition goes. If it is not self-service, it is not cloud. With self-service, who needs partners standing in the way between the consumer and the cloud provider?
Well, it is a little more complex than that. The 5 NIST essential characteristics of cloud computing (of which self-service is one) should be interpreted in the context of the business value of cloud computing. It is these characteristics that lead to business value, and it is the business value on which to judge the degree to which a certain service offering is actually a cloud offering.
Example. Rapid scalability is an essential characteristic. But how rapid is rapid enough? A sudden surge of web traffic needs a response in seconds; a new development server should be available in a matter of minutes or maybe an hour. But adjusting the number of mailboxes to be paid for on a monthly basis is quite sufficient for most organizations. And moving from one mail provider to another is most certainly something that you would not do overnight on a whim. Such a migration takes planning, proper execution and change management with the users, who would have to learn to work with a new user interface. Think months.
You cannot expect big cloud providers like Google and Microsoft to help everybody in the world with this change management. That is where sales partners (or channel partners as they are often called) come in. They can guide the consumers in this process, show the specific opportunities and pitfalls, and provide training to users. That is value to the consumer that a cloud channel partner is bringing.
Consumers these days have a lot of risk management and compliance obligations to handle, and each consumer has a different set of requirements. They have to work with cloud providers to address these requirements on a continuous basis. If cloud computing is to be scalable at the provider side, the cloud channel partner should work out the mapping between what the consumer needs, and what the provider offers. If not, the provider will be swamped with controls questionnaires. At one of the Cloud Security Alliance (CSA) conferences last year a provider mentioned that those questionnaires can have anywhere between 10 and 1500 questions. They have full time staff dedicated to answering them. That does not scale.
One approach pioneered by the CSA is the GRC stack (Governance, Risk management and Compliance), which can standardize this process (more explanation on http://www.clubcloudcomputing.com/2012/09/can-we-simplify-cloud-security/). GRC is also business value. Rather than forward all risk and compliance questions to the cloud provider, a cloud channel partner can decouple the GRC process between consumer and provider, thus increasing the net value of GRC. That is the value to the cloud provider that a channel partner can bring.
Want to know how this can work for you? Visit www.cloudcomputingundercontrol.com