This time last year, we published our predictions of what would be the major events and changes in enterprise cloud adoption in 2014. In this post, we look back on these prognostications to see which came true, which are still pending and which missed the mark. Look for our 2015 Cloud Predictions in the next few weeks. Thanks to Dave Bartoletti, Ed Ferrara and the rest of the Cloud Playbook team for their contributions.

So how did we do on our predictions in fall 2013:

  1. SaaS becomes de facto for buying new applications. SaaS has overtaken on-premise in categories such as HCM, CRM, and collaboration. Solutions once available in multiple deployment modes are now SaaS only (i.e., Oracle RightNow and SAP Ariba seldom offer on-premise any longer). The hold-outs: large enterprise suites are still not available in a true SaaS mode but are increasingly shifting to at least an ASP model.

    1. Grade: B While the vendor community certainly upped its investments in SaaS services (with SAP and Oracle alone going on multi-billion dollar buying sprees) and offering its legacy suites as ASP, enterprises moved more slowly down the SaaS path. However there was significant progress in both business-driven SaaS investments, which often compliment in-house solutions, and IT-led investments that aim to replace on-premise installations.

  2. Public Cloud will be the default backbone for IoT– Whether consumer-led with FitBit, Nike FuelBand and Samsung Gear, or enterprise-led with sensors, medical devices and transportation, the Internet of Things (IoT) will generate billions of data points in 2014 and aggregating this data and acting on its findings will best be achieved by capturing, analyzing and responding from the cloud. If you want to analyze billions of inputs in real- or near real-time, you won’t want to drag the data all the way back to your data center. A longstanding mantra in BI has been that it’s easier to move the compute to the data, than the data to the compute. With cloud-based Hadoop and SaaS-based BI solutions proliferating, it’s becoming hard to justify bringing this data down to analyze it.

    1. Grade: C (In Process). Like many innovations in technology, IoT is still evolving. Early adoption matches this prediction with device data moving first to public cloud platforms for analysis – much happening in Hadoop environments. But many of the connections are actually hybrid. Non customer-identifying data is moving to cloud environments but many IoT devices identify the customer and this traffic is being parsed off to separate, secure connections going back to enterprise data centers in some cases. To the rescue are coming many of the heavy hitters such as Salesforce, IBM and Microsoft all working on IoT cloud services and solutions.   

  3. The Service Catalog Becomes The Strategic Cloud Entry Point – SaaS applications will become standard portfolio elements and centralized IT procurement and management processes will rise up to support them. At the heart of these processes will be the service catalog, a place not only to define, advertise, and price the services IT delivers, but the vehicle to empower cloud consumers and IT pros alike through self-service, single sign-on, and centralized delivery. Service catalogs will go beyond the “how” of cloud delivery and engage the business consumer to decide “what” should be delivered and “when.” The cloud service catalog is where enterprise governance, cost transparency, and end-to-end value chain management come together.

    1. Grade: C (In Process) In 2014, only about one third of enterprise clouds were fronted by a standardized service catalog. IT automation has always lagged the introduction of new technologies, but there’s really no successful enterprise cloud without a catalog in place from the beginning. We saw some movement in 2014, but not enough to say that the cloud service catalog has “come true” for the enterprise.

  4. Perimeter security shifts outside the perimeter, where it belongs. The combination of cloud and mobility, predicted and proven in 2013, means there's no longer a perimeter to your business you can control. Even if you tried to enforce perimeter controls they would not be very effective as so much of the work is shifting outside your perimeter to the public cloud. Additionally, users have so many devices now that you can't enforce device security such as NAC as the management overhead is too daunting. The focus needs to shift from protecting the network and the devices to protecting the data with a Zero Trust security model. With the network perimeter shrinking and the devices proliferating, your data is the one thing you can control.

    1. Grade: C (In Progress) How many more breaches will it take before CISOs realize you can’t declare a safe zone? Hackers aren’t attacking your firewalls or any DMZ protections you put in place. They’re going after less secure alternatives – your employees, your partners, your devices. These lessons are beginning to sink in but the progress is slower than it should be, for sure.

  5. Australia rises to the No. 2 public cloud computing market. While Europe is certainly the #2 market if taken as a whole, Australia, as a country, is quickly taking up public cloud computing services. As with virtualization, smartphones and other technologies, Australia is a very fast follower once the technology has established its value in the US and Europe. Such is quickly becoming the same for public cloud services. And before you think that it will be China, note that our research shows that market still in the virtualization and consolidation phase.

    1. Grade: A. Our analysis in 2014 proved this to be true as Australian enterprises continue to aggressively leverage cloud services both in-country and out.

  6. Cloud-to-cloud continuity will get serious with SaaS. Disaster recovery (DR) is a leading driver for public cloud use, but mostly by enterprises looking to improve the resiliency of mid- to low-end apps and for smaller companies putting their entire recovery strategy in the cloud. But in 2014, cloud-based DR will go cloud-to-cloud.  The first phase will unfurl in the next year with cloud-to-cloud backups for mainstream SaaS offerings. In the SaaS market, enterprises struggle to restore data with steep recovery fees (or in some cases, total lack of service) by their SaaS vendors. A new market of backup solutions is rising to meet this need with early solutions from Backupify and Spanning.  These offerings automate the protection of critical data that is stored with SaaS providers so organizations can recover this data if it is accidentally, or maliciously, deleted.

    1. Grade: C (In Progress) Clearly as IT leaders get more involved with SaaS management, they are realizing part of The Uneven Handshake of cloud management requires assessing the backup and disaster recovery practices of cloud providers and taking actions where there are shortcomings. After all, ultimately, it’s your data so its your responsibility. But bringing it back on premise can be costly. These early solutions are seeing some traction today but more is needed.

  7. Chef and Puppet will usurp commercial automation solutions– With the rise of public cloud platforms, these open source configuration automation solutions already dominate on GitHub, driven by developers and developer-focused IT operations (DevOps) teams alike. In 2014 we predict that more new server workloads will be scripted, documented, and replicated automatically by these tools than by BMC, CA, HP, IBM and other proprietary automation solutions combined, putting the fortunes for these tools at risk. Open source server configuration automation is quickly becoming the de facto cloud service automation approach, and will dominate the management of elastic cloud workloads.

    1. Grade: A. As we predicted, client inquiries about open source configuration management tools — Chef, Puppet, Saltstack, and Ansible — dominated I&O inquiries in 2014, while those about traditional config management platforms declined dramatically. Notably, each of the Big 4 management vendors eagerly announced support for open source tools in 2014 as well.

  8. Bring-your-own-encryption will dominate the security discussion in 2014. One of the top trending inquiry topics hitting our cloud and security analysts lately are about cloud encryption solutions for AWS and Salesforce.com. You can thank the US NSA for popularizing this trend. Clients are asking for recommendations on offerings that encrypt data before it hits the cloud service and lets the enterprise control the keys. Encryption covers a multitude of sins, and by encrypting the data before it hits the cloud, companies effectively strip the toxicity (and the liability) from the data. There is increased interest in using technology from companies like CipherCloud, AlephCloud, PerspecSys,Skyhigh Networks, and Vaultive to encrypt corporate in-line data *before* it goes to the cloud. Also, look for larger vendors such as HP, Cisco, VMware and IBM to acquire some of these intriguing startups in 2014.

    1. Grade: C (In Process) . If the NSA PRISM scandal accomplished anything, enterprise CISOs took control of security in the cloud by bringing their own encryption solutions. Traditional channel and at rest encryption, according to Forrester surveys, have taken hold as concepts but broad-based adoption is still an issue with the major issues being standards and key management. Most CISOs understand the need for encryption for cloud-based workloads but don’t always have the best methods at hand for doing so. This is especially true for hybrid premise- and cloud-based infrastructure where encryption is still a work in progress for premise-based workloads. Implementation of token-based security solutions will accelerate in 2015 but not nearly enough to address the real need.  

  9. Cloud security will be much more centralized and automated.  If you're resisting the cloud because of security concerns, you're running out of excuses. The leading public cloud providers have made strong gains in security and compliance, and there are few workloads completely off-limits for public cloud anymore. At the same time, securing private clouds has become safer, more reliable and easier to control through advanced management tools like HyTrust. We’ll see cloud security vendors like CloudPassage, JumpCloud and Illumio – letting you articulate cloud security requirements in executable automation of business policies. Enterprises will achieve better security this way than on their own.

    1. Grade: C (In Process) The solutions are here and with moves by IBM, AT&T and others, enterprises now have more options for centralizing cloud security and enforcing policies via automation for private clouds but public cloud continues to lag in this area. Continuous monitoring of cloud workloads remains a challenge with only a few vendors offering capable solutions. Companies such as AlienVault, BlackStratus for event correlation and Evident.Io for vulnerability assessment have made progress in monitoring for cloud environments. However, security professionals are looking for help in implementing these solutions and don’t always have the necessary cloud skills to understand the best way to protect these environments. Companies such as Datapipe that offer security engineering and cloud implementation services are a step in the right direction. Good progress was made in 2014 but there’s more to come for sure.

  10. Enhanced virtualization and private cloud become separate initiatives.Private cloud is the go-to term to describe everything above basic virtualization — regardless of whether it meets the basic private cloud requirements. In 2013, Forrester saw four types of private cloud initiatives. The most common was enhanced virtualization which does not satisfy the growing cloud expectations of the business. But this initiative is important to the maturation and efficiency of IT ops and be done because it improves deployment consistency and agility from 2 weeks to 2 days. As a result in 2014 the enhanced virtualization initiative will be separated from the effort to build a private cloud.

    1. Grade: A 2014 saw a significant jump in private cloud initiatives with many IT-led initiatives reflecting the enhanced virtualization profile and the business-led reflecting true cloud requirements. A welcome surprise was seeing IT leaders engaging in the business-led cloud initiatives, recognizing the need and thus the solution were different.