The document discusses the rise of the cloud services broker (CSB) role for IT organizations. It defines the three primary roles of a CSB - aggregation brokerage, integration brokerage, and customization brokerage. It then provides examples of how Blue Cross Blue Shield has deployed a mediation layer to serve as an internal CSB, brokering access to various cloud and on-premises services and data stores for its members from multiple BCBS plans and partners.
2. Today’s Agenda
• Gartner Definitions
• Applications for IT as a CSB
• Blue Cross Blue Shield Deployment
• Intel Technology-CSB Enablement Platform
Agenda
• Q&A
Application Security and Identity Products 2
4. Are You Really Prepared for Hybrid IT?
Cloud Provider 1
Required Skills Cloud Provider 2
Public Cloud
• Provisioning • Customization
e.g., Sales Cloud Provider 3
• Billing • Management Automation
e.g., VMI/
• Support • Backups E-commerce
Cloud Provider 4
• APIs • Security e.g., Contact
Verification
• Migration • DR
• Integration • etc. e.g., HR
Who will manage this?
You manage this
Can you manage this?
Traditional
On-Premises Private Cloud
5. Definition: Cloud Services Brokerage
Aggregation
Brokerage Distributor *
100%
75%
50% Customization
Definition: Brokerage
CSB is composed of three 25%
primary roles in which an ISV*
intermediary adds value to
one or more cloud services
on behalf of consumers of Providers of CSB compete
those services. on the relative strengths of
Integration the three CSB roles
Brokerage
• Are a brokerage
System You •
Enable brokerage
Integrator* Either • Leverage brokerage
* = Alignment with traditional IT services terminology
6. Aggregation Brokerage
• Definition
- Delivering two or more (can be many) services
to service consumers, or other service providers
• Characteristics
- Deliver cloud in scale to many customers
- No net new services functionality, per se
- No integration or customization of services
- Many-to-one or one-to-many services delivery Example Providers
IT Distributors, Resellers,
• Capabilities etc.
- Ability to support large-scale cloud provisioning •Ingram Micro
•Insight
- Normalized discovery, access, billing, support •Parallels
- Centralized management, SLAs, security, etc. •Synnex
•Tech Data
• Typical Scenarios CSB Enablers
- IT distribution •Avnet
•AppDirect
• e.g., distributors, resellers and VARs doing cloud provisioning
•FullArmor
- App Stores, marketplaces •Jamcracker
• e.g., telcos, cloud providers, companies provisioning cloud •Verecloud
See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
7. Integration Brokerage
• Definition
- Making independent designed services work
together as a combined outcome for consumers
• Characteristics
- Can be IT stack or data/process integration
- Substantial new value through integrated result
- One-to-many, many-to-one, many-to-many
- Increasingly implemented via some form of iPaaS
• Capabilities Example Providers
- Messaging, adapters, translation, orchestration Evolving B2B/EC Providers
•GXS
- Community management (think: LinkedIn for e-commerce) •HubSpan
- Governance (e.g., policy and API management) •IBM (Sterling Commerce)
- Shared services (e.g., management and security) •Liaison Technologies
• Typical Scenarios •SAP (Crossgate)
CSB Enablers
- Cloud-to-cloud integration •Dell (Boomi)
• e.g., synchronizing contacts between Gmail, salesforce.com •IBM (Cast Iron)
- Cloud to on-premises integration •Informatica
•Intel
• e.g., synchronizing order-to-cash between NetSuite, Quickbooks
•Jitterbit
- Traditional supply chain integration •Seeburger
• e.g., for large communities of suppliers, customers, 3PLs, etc.
See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
8. Customization Brokerage
• Definition
- Altering or adding to the capabilities of a service
to change or improve its function
• Characteristics
- Net new functionality via new, modified services
- Original cloud services can be modified, enhanced
- One-to-many or many-to-one service delivery
• Capabilities
- Modifications (services combined, enhanced, etc.) Example Providers
- Implementation (of new services, applications, BPS Providers
•BlinkHR
processes, user interfaces, master data, etc.) •E2open
- Analytics (messages, services, processes, etc.) •eBuilder
• Typical Scenarios •psHealth
•Wipro
- New and composite applications System Integrators
• e.g., new custom reports on Force.com for salesforce.com CRM •Appirio
- Process or data enhancement •Atlantic Technologies
•Celigo
• e.g., price comparing service for "less than truckload" booking •Infosys
- Business process services •Tieto
• Configurable processes (e.g., VMI, delivered on one-to-many basis)
See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
9. Hype Cycle for Cloud Services Brokerage
Three primary CSB roles
expectations
Cloud Management Private Cloud leads Internal CSB role
Platforms
Integration PaaS CSB enabling technologies
Private Cloud Computing
Communications Service Providers
as Cloud Services Brokerages Application PaaS
Aggregation Brokerage Packaged Integration and Cloudstreams
CSB Integrated Billing
BPaaS
CSB Single Sign-On
Cloud Services Brokerage
Application Service Governance
Cloud-Based Security Services
Cloud Access Security Brokers Multisourcing Service Integrator
Cloud-Based Multienterprise Processes
Customization Brokerage
Pure-Play CSBs Software as a Service (SaaS)
Integration
IT Distributors as CSBs
Brokerage
Cloud-Based Data Identification
and Enrichment Services Internal CSB Infrastructure as a Service (IaaS)
Traditional IT Services
IT Manufacturers as CSBs Providers as CSBs
Federated Help Desk for CSBs
As of July 2012
Peak of
Technology Trough of Plateau of
Inflated Slope of Enlightenment
Trigger Disillusionment Productivity
Expectations
time
Plateau will be reached in: obsolete
less than 2 years 2 to 5 years 5 to 10 years more than 10 years before plateau
See " Hype Cycle for Cloud Services Brokerage, 2012," G00234256 9
10. Emergence of Internal CSB Role
Attributes of Internal CSB
• Alternative to third-party CSB role:
- You are "prime contractor"
- Think: cloud-enhanced traditional
IT multisourcing
Maximum Public Cloud • IT responsible for all CSB roles:
Internal CSB - Aggregation
Scope - Integration
- Customization
• Scope of internal CSB role:
- Minimally applies only to private
Private Cloud cloud
- Can also apply to private and
Minimum public (hybrid) cloud
Internal CSB - Can include "broker of broker"
Scope role, for cascaded brokerage
- Can optionally also include
Traditional IT traditional IT assets
11. How the Internal CSB Role Compares to
Traditional IT Multisourcing Integrator Role
Traditional IT Service Emerging
MSI Role Attributes CSB Role
• Smaller ecosystem • Larger ecosystem
- Up to a dozen Ecosystem - Up to hundreds
• Fewer larger services • More smaller services
- More coarsely grained Granularity - More finely grained
• Fewer SLAs, T&Cs • More SLAs, T&Cs
- Fewer KPIs to track Outcome - More KPIs to track
• Fewer, static providers • More, dynamic providers
- Trust, experience lead Dynamics - Value, innovation lead
• More centralized, simple • More federated, complex
- Manual escalation OK Help Desk - Automated escalation
• Limited use, manual • More usage, automated
- Fewer policies to track Governance - More policies to track
• More control of IT assets • Less control of IT assets
- Assets in one DC Control - Assets across cloud
See "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role," G00230681
12. When to Consider Internal CSB Role
Consider internal CSB when:
• You would prefer to fund the CSB with capex versus opex.
• An internal CSB will reduce your risk of consuming services.
• You have and/or desire the requisite CSB skills and technology.
• An internal CSB can meet time-to-deployment requirements quickly.
• An internal CSB better meets your internal constituents' needs.
• An internal CSB is mandated by management (e.g., for compliance).
• No viable external CSB is available for your IT project requirements.
• You have a strong desire for centralized, internal control of all IT.
• Your full project life cycle TCO will be lower via an internal CSB.
• Being a CSB is considered a required internal core competency.
See "Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges," G00227370
14. Integration Brokerage “Basic” Capabilities:
Intermediation Layer
• Messaging Technology FTP/MFT
AS2
FTP/MFT, MOM, HTTP,
SOAP, Proprietary, …
- For secure, reliable communications of SOAP, REST
RosettaNet,…
SOA services, EDI and very large files
• Adapters
- For "last mile" connectivity to apps, Wrapper Wrapper
trading partners, cloud APIs, etc. App Cloud API
• Transformation
- To translate data and messages
• Orchestration
- To disposition messages, tasks and
events within a process context
For more information, see "SOA Infrastructure Selection Criteria, 2009," G00170722.
15. Integration Brokerage “Scale” Capabilities:
Application Services Governance
Application Services
Governance =
API Management +
SOA Governance
What cloud service policies are likely to be enforced?
•Security
- User/service/API authentication — Fine-grained/role authorization
•Technical SLAs
- Schema validation — service/API throughput, availability, failover
•Business SLAs
- Approve POs of more than $1,000; give "Gold" customers priority routing; archive
invoices from France; encrypt personally identifiable data
16. Evidence CSB Role Increasingly Matters
Est. Annual IT Spend on
CSB by 2014 (1): Who will be responsible for
end-to-end delivery of
$100 billion cloud services? (3)
Frequency of search for
CSB on Gartner.com via
“cloud” + “broker” terms (2)
#respondents = 322 for those already using or
planning to use cloud computing or cloud services
within 12 months
1 – See “Examining The Magnitude of the Cloud Services Brokerage Opportunity: Carpe Deim!," – research will publish in two weeks.
2 – See “Search Analytics: Cloud Service Brokerage Enters the Search Scene," – research will publish in two weeks.
16
3 – See “Survey Analysis: Cloud Services Brokerage Playing a Larger Role in the Future of IT Services," G00228550
17. Recommendations
Recognize that the "service" in CSB has both business and
technical connotations, with the emphasis on "outcome."
Interpret CSB role through primary three IT services roles:
Aggregation brokerage
Integration brokerage
Customization brokerage
Use Gartner evaluation criteria to help determine if you
should deploy an internal CSB or use an external CSB.
Leverage providers of CSB-enabling technology where
appropriate to help enable your internal CSB role
18. Recommended Gartner Research
Cloud Services Brokerage Is Dominated by Three
Primary Roles
Daryl Plummer, Benoit Lheureux, Michele Cantara
(G00226509)
Cool Vendors in Cloud Services Brokerages, 2012
Tiffani Bova, Daryl Plummer and others (G00231938)
Predicts 2012: Cloud Services Brokerage Will Bring New
Benefits and Planning Challenges
Daryl Plummer, Benoit Lheureux and others (G00227370)
Essential Provider Selection Criteria to Use When
Outsourcing the CSB Role
Benoit Lheureux, Jim Longwood (G00230681)
The Role of CSB in the Cloud Services Value Chain
Benoit Lheureux, Daryl Plummer, Tiffani Bova (G00218960)
For more information, stop by Gartner Solution Central or e-mail us at solutioncentral@gartner.com.
19. BCBSA Mediation
Layer Architecture
August 09, 2012
Presentation at Intel / Gartner Webcast
Plamen Petrov
Chief Enterprise Architect
Blue Cross Blue Shield Association
A presentation of the Blue Cross and Blue Shield Association. All rights reserved.
20. Blue Plans have been leading the industry for 83 years
The Blue Cross and Blue Shield System consists of
38 independently operated Blue Cross and Blue Shield member companies
, a Federal Employee Program® and an Association, which serves the
collective needs of the Blue Cross and Blue Shield Plans.
Cover 100M people – Blues serve
1 in 3 Americans Nationwide access. Local support. 85% of Fortune
100 Companies
Blue Plans contract with Blue Brand is #1 overall
96% of U.S. hospitals and brand equity in the health
91% of all physicians insurance industry
Blues committed to serving local
communities and national
customers
A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 20
12-131-V
21. BCBS Plan Members Access Many Services and Data Stores
Local
Plan BCBS Plan Local
Member Hospital
Remote
BCBS Plan
BCBSA
Remote
Hospital
Consumer
Services
Plan Member accesses services
provided by different entities and
data stored in many locations
A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 21
12-131-V
22. Service Brokering and Mediation Layer
Services Clients
Architecture
Standards
Governance
Analytics
Blue Plan BluesNet 3rd Party Vendor
Cloud Services VPNs Cloud Services
Internet
Infrastructure Master Data Platform
Services Services Services
BCBSA Mediation Layer
BCBSA
PlanConnexion
Cloud Services
Cloud Services
A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 22
12-131-V
23. Mediation Services Platform
Browser or M o b i l e
AuthN /Info R e q u e s t
Medical I n f o r m a t i o n
Service Provider P o r t a l
BCBSA Plan A
Doctor I n f o r m a t i o n
Peer Reviews, A w a r d s
• Web S e r v e r
• Mobile T i e r S e r v ic e s M e d ia tio n a n d
Integration Broker SO A P
JS O N
X M L
BCBS Plan B On-prem 3rd P a r t y
Info P r o v i d e r s
Partner A P I
Flat F i l e
Mgt A P I
Security Brokerage Technology ED I
• SSL Termi n ati o n • Data T r a n s f o r m
• Web S e r v e r • Service M e t e r i ng/Monito r i n g • Protocol Mediati o n
• ID trans l ati o n • Service Routi n g/Ver s i o n i ng
• Mobile T i e r
BCBS Plan C
3rd Party C l o u d
Info P r o v i d e r s
• Web S e r v e r
• Mobile T i e r
Service Mediation and Integration Brokerage
A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 23
12-131-V
24. Andy Thurai, Chief Architect, Intel
IT CSB TECHNOLOGY
ENABLEMENT
CONSIDERATIONS
24
25. Mobile and API Service Growth a Driver for IT CSB
Other Internal CSB Deployments
•Online University
•Healthcare Claims Provider
•SI Delivering Composite Apps
•Telco Service Aggregator
Extended Enterprise
IT CSB
Platform
Private & Public Developer & Partner
Cloud Provider Consumers
*Source ProgrammableWeb
CSB Platforms offer way to automate & scale fine-grain service
brokering for composite and mobile apps used by IT 25
26. IT’s CSB Platform Simplifies Service Consumption
On-prem Service Service/API Providers
Broker PaaS App Services
Enterprise Departments/Developers
Id & Security
Broker HTTP,
Service 1 REST
Global Apps, IDM,
Middleware
SOAP, JMS, DB, App to Cloud
FTP-any Calls Integration
PII Data SaaS Applications
Tokenization
Service 2
HTTP
REST
JSON
Departments 1-n
Developers & API Mgt
Service Admins Service 3
Partners
Simplified, API
Exposed
Create Standardized
Apps that invoke
aggregated services HTTP,
REST/SOAP/
Orchestrate JSON
VM/Services
Service 4
3rd Party CSBs &
Sharing API Descriptions, Tools, Data Enrich Services
Data
Integration
Dev Community Service 5
REST
API Portal
26
27. Service Gateway Fast Path to Operating as a CSB
Vendor Mgt- Contracts, SLA, Tracking
Responsibilities Monitor Security Standards & Policies
& Enablement Tools
Dev Support & Disaster Recovery
IT CSB Operator
Value Added Custom “Glue” Code
• Consistent policy enforcement for integration, COTs Core
security, compliance across departments CSB Platform
Monetization/Charge Back App Service Gov & Security, Access, Developer Community
Integration Compliance
• Meter usage • • Configuration not code
API management • Edge threat protection
• Throttle per SLAs • • Discovery of aggregated
Policy creation & exe • Data Loss Protection services from IT
• API Analytics • Legacy & SOA integration • Federated ID Brokering • Meta data
• Orchestrate & transform • PCI PII Data Tokenization
• Protocol translation
Move from Line of Business to “Enterprise
Controlled Consumption of Cloud Services 27
28. Security is Central for IT to Consume and Expose APIs
Trust - API Access Control Threat - Perimeter Defense
IdM
• Denial of Service Protection: Via app
security proxies and gateway capabilities
• Authentication: Enabled through
SSL/TLS, OAuth, SAML, Shared Secret • Code Injection: Via pattern-based
Mechanisms, Custom API Keys, Digital scanning of SQL Injection, XSS, XML
Signature/PKI processing, Database threats, XPath injection
authentication rules • Malware Detection: Via heuristics that
detect malware behavior
• Authorization: Enabled through XACML, • A/V Scanning: Via signature based
authorization decision points, coded in scanning of MIME attachments
policies, custom built rules
• Data Leak Prevention: Via network DLP
scanning for API calls
CSB platforms deliver these capabilities. Standards
based and independently certified 28
29. More: www.cloudsecurity.intel.com
White Paper Webinars
CSB Research & Case Study
On-demand
• NIST & CSA CSB
• API Management
with ProgrammableWeb
• API DLP Security
• Meet Cloud API
29
Notes de l'éditeur
Title: Enterprise API Best Practices (John) – ~15 slides – Talk for 25-30 minutes I. API Evolution – Where did they come from? (6-8 slides) a. APIs evolved from SOA as services b. Now they are pervasive – REST/JSON is king c. 2011 API growth was huge – what will 2012 look like? d. API business model slides – which types of businesses benefit the most from APIs? (Blake to help with this) e. Comparison to website – APIs are the new “website” II. Categories: Open APIs versus Private APIs (4 slides) a. Open APIs focus on developer on-boarding and platform enablement – name examples b. Private APIs (Enterprise APIs) focus on security, scalability, and availability – name examples of these (if you have some) c. For Enterprise APIs, developer on-boarding is less of an issue III. Hosted vs On-Premise (1-2 slides) a. What are the pros and cons of hosting an API through an enabler service (Mashery/APIgee) versus doing it yourself. b. Hosted – Good for open APIs, as the developer community is more important c. On-Premise – Good for private/enterprise grade APIs, as security and scalability are paramount (Blake) – 8 to 10 slides – Talk for 10-15 minutes III. Enterprise Use cases – Types of things an Enterprise wants to do (1-2 slides) IV. The value of the gateway pattern – abstraction (consuming APIs) and security (protecting APIs) – (2 slides) V. Security overview – threats, trust, anti-malware, data loss prevention (1 slide) VI. Intel Expressway Product Pitch (2 slides) VII. Customer Examples (2 slides)
When they haven't outsourced the task (most don't), companies have been managing their own traditional on-premises IT infrastructure for over 20 years. Until just a few years ago, the skills and technologies required have evolved based on two fundamental assumptions: that IT assets were discrete and on-premises. Public cloud consumption is proliferating. Companies will spend over $100 billion on cloud in 2012, and that IT spend will grow at nearly 20% over the next five years. Private cloud computing is a form of cloud computing that is used by only one organization. It is a natural evolution for enterprises that are heavily virtualized. From 2012 through 2014, setting up private cloud services will be a major trend. The consequences of these macro IT trends, stated simply, are that IT organizations — currently familiar with traditional on-premises IT — are about to be held accountable for radically different forms of IT consumption, on-premises and in the cloud. Will your IT organization be prepared for hybrid IT?
Findings: There are three primary roles for a CSB: aggregator, integrator and customizer. IT services providers, B2B providers and cloud specialists will adopt one or some combination of the three CSB roles when working with cloud services. In "Three Types of Cloud Brokerages Will Enhance Cloud Services" (G00164265), we examined a limited set of brokerage types that subsequently have been subsumed into a more refined and accurate description of the entire category. Subsequently, in taking intermediation to the next level, we can now formally define CSB as a form of cloud services intermediation: "A cloud services brokerage is a business model in which a company or other entity adds value to one or more (generally public or hybrid, but possibly private) cloud services on behalf of one or more consumers of those services." In an internal private cloud scenario, the internal IT organization takes on the role of broker. CSB does many of the same things that a traditional IT services provider does in a service aggregator role, but also addresses additional complexities. Some of the capabilities that a CSB needs in order to address these complexities are: Management of the proliferation of solution assets Proliferation of relationships and complex interdependencies of SLAs Rapid pace of change Intellectual property and compliance risk Security and risk
Finding: Aggregation is one of the most common types of CSB roles. Strategic Planning Assumption: By 2014, 60% of traditional IT distributors will become cloud aggregation brokerages servicing SMBs through VAR partners. Aggregation brokerage is the act of bringing multiple services together to deliver them to service consumers as a value-added reseller (VAR) or a solution provider, or to deliver them to other service providers (as a distributor) in some unified way — for example, by business process, industry or region. The aggregation may be for billing purposes, single sign-on (SSO), a service marketplace (where consumers are connected with the right services), or many forms of enrichment, such as SLA management and customer management. Aggregation is one of the most common types of brokerage functions. An aggregation brokerage is directly related to the role of aggregator in traditional IT services. Traditional aggregators bundle technologies or even solutions, sometimes acting like a system integrator (SI). However, within cloud services, the difference lies in the fact that an aggregation brokerage must aggregate cloud services. This can be an aggregation of multiple cloud services or cloud delivery with noncloud resources, such as applications and other technologies. This begs the question: "What is the difference between an aggregation brokerage in CSB and a traditional technology aggregator?" CSB does many of the same things that a traditional IT services provider does in a service aggregator role, but also addresses additional complexities and assumes a role of orchestrating outcomes and validating performance. This includes provisioning in cloud scale, managing heterogeneous cloud assets, centralized management of SLAs, policies, security, etc.
Strategic Planning Assumptions: Through 2015, the complexity of multienterprise integration will force companies to switch 20% of their internally managed B2B projects to external service providers. Through 2016, integration brokerage, on average, will comprise 10% to 30% of the cost of all CSB-enabled IT projects. Integration brokerage (IB) is an IT-managed service offering that delivers people, methodologies and technologies — the latter enabled by cloud-based integration, such as integration platform as a service (iPaaS) — for B2B e-commerce and cloud services integration projects. The "brokerage" in "integration brokerage" emphasizes IT services to help companies integrate B2B e-commerce and cloud services. Many IT services providers offer stand-alone IB, typically a form of supply chain integration — for example, automating orders and other B2B transactions related to direct materials procurement for customer and supplier integration. Such supply chain integration projects are widespread in manufacturing, automotive, retail/consumer packaged goods, high tech, and transportation and logistics markets. IB is also delivered in conjunction with other technology and services as part of a CSB offering to implement whatever integration capabilities are required to knit together cloud services (typically involving multiple providers), on-premises applications and data (of the CSB customers), and any required supply chain partners (for example, receiving orders directly into SaaS-based ERP). IT users should understand that traditional B2B e-commerce integration projects become more complex when you move certain business functionality, such as order management, into the cloud. The means, for example, that you must define different evaluation criteria for your particular combination of traditional e-commerce, internal application and cloud services integration when considering an IB offering, if you plan to outsource your integration project work.
Finding: You may benefit from CSB customization if your solution requires a cloud service coupled with some traditional IT services (e.g., consulting, SI, applications outsourcing or business process outsourcing). Strategic Planning Assumption: By 2016, six of the top 10 IT application and business process service providers will use an industry-leading BPMS in their CSBs. The customization of cloud services can be a tricky proposition. Because the implementation of a cloud service is not generally available to be changed by anyone other than the original cloud service provider, the act of customization is generally done around the edges of the service. A cloud customization brokerage is a managed service provider or enabler that alters or adds to the capabilities of a service to perform its function. This could mean adding a new look and feel to the service, or layering new data and process functions on top of it. In practice, customizing a cloud service is difficult to do without some form of aggregation and integration. The composition of multiple services, along with the changed look and functionality, can produce incremental improvement and value. You may benefit from CSB customization if your solution requires a cloud service coupled with some traditional IT services (e.g., consulting, SI, applications outsourcing or business process outsourcing). The modification capabilities in CSB customization will help you: Capture change requests to any of the services or components involved in your solution. Identify and communicate the potential impact of changes on the solution to user stakeholders and vendor representatives. Decide on whether to proceed with requested changes and whether renegotiation of contract is required. Manage and monitor the status of requested and/or approved changes. Measure the actual versus the expected cost and business impact of changes. Provide insight into how your organization can work better in the future with the multiple vendors involved in the CSB. Deal with people change, as well as system change. Establish and maintain a governance process for all consumers and providers involved in the solution.
Strategic Planning Assumptions: By 2014, 30% of midsize to large enterprise IT departments will become an internal CSB for cloud services consumed by their companies. By 2017, 60% of midsize to large enterprises will become an internal CSB. The role of the IT department has been undergoing significant changes during the past decade. As staffs have been asked to do more with less, it has become clear that IT departments must play multiple roles in coordinating IT-related activities. Cloud computing is now pushing that change to another level. Business units are purchasing SaaS solutions, and often forcing IT departments to react after the fact. More than 40% of business units are buying SaaS solutions from the cloud without the IT department's knowledge. As this happens, IT departments are discovering that they must support the introduction of the services into the business, as well as become involved with these services through customization or integration with on-premises systems, or through managing relationships with the service providers being used. This makes the IT department a broker of the cloud services used by its own company. IT organizations must integrate cloud services with data and applications running on-premises to provide a flow of information and process to and from the cloud. The IT organization will manage the relationships with cloud providers or even engage third-party brokerages that can customize, govern, integrate or aggregate the services for them. This expanded role — which requires a new discipline in CSB aggregation, integration and customization brokerage at the technology and commercial levels — will cause many IT organizations to become more prominent in their corporate strategies. By evolving from a cost center into a value center, the IT department will be sought after for advice about and protection from problems with cloud services.
Finding: Most traditional multisourcing integrator skills are applicable to CSB offerings, but significant new skills and technologies will be required to successfully manage more complex, cloud-centric projects. Evaluating service offerings that comprise multiparty vendor ecosystems has traditionally been addressed in multisourcing integrator research. The MSI role has evolved out of the need for complex service integration requirements across a smaller number of multiple vendors in large, but stable, processing requirements. We have published detailed MSI evaluation criteria for these three categories in "Essential Provider Selection Criteria When Outsourcing the Multisourcing Services Integrator Role," G00211704. The CSB role is evolving out of the more dynamic cloud environment, which might involve ESPs that are more diverse and that are likely to change frequently (see "Who's Who in Cloud Services Brokerage," G00217530). While many attributes of the emergence CSB role are similar in concept to the MSI role, there are many differences between the two roles. For example, while in both cases there is a need to track service provider outcome by tracking KPIs against agreed SLAs, this task is made substantially more challenging in the CSB role because it involves a larger, more dynamic and fine-grained ecosystem of providers that must be managed. The consequence of such differences is that providers doing CSB will need to automate more of the nontechnical aspects of service delivery, such as support and governance, in order to ensure consistent service delivery across a much more complex set of IT assets (see "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role," G00230681).
Finding: Large enterprises can be successful and cost-effective with either an external or internal CSB; therefore, the sourcing choice should be driven mostly by commercial factors. As the adoption of cloud services grows, the need for IT departments to address their use will grow as well. These departments will often be forced to acquire services they don't control. Because IT organizations are likely to be unable to stop the flood of SaaS offerings being brought in by business users, these organizations will have to develop additional skills and oversight to consolidate buying power, reduce complexity and manage multiple cloud services providers. IT departments will need to become more skilled in working with providers in two key ways. First, they must adopt cloud-based platforms that will allow them to customize, integrate or build cloud solutions that are similar to the SaaS solutions bought by users. This pushes the IT organization to adopt cloud computing, perhaps before it's ready. Second, IT will need to engage cloud brokerages to provide aggregation, integration or customization of cloud services when it can't do the work itself. This will drive the growth of brokerages and enable IT organizations to use the cloud model without having to become experts at cloud integration, aggregation and customization . In cases where IT organizations take on an internal role of CSB, it is essential for these organizations to model sourcing best practices. This includes tracking KPIs that are tied to SLAs, with associated penalties if the SLAs can't be delivered. Recommendations: Train your IT staff in relationship management to make them more capable of managing cloud provider relationships and contracts. Establish a cloud decision framework and purchasing process that supports cloud adoption in compliance with corporate sourcing strategies, and that encourages business units to come to IT for advice. This will enable IT departments to track the services that business users are acquiring. Provide ongoing information about potential cloud services of interest to business units. This will establish IT as a source for positive information, rather than negative cynicism about cloud use.
Strategic Planning Assumption: By 2016, 50% of new integration projects (up from 10% today) will involve on-premises applications, e-commerce trading partners and cloud services. The impact of more agile application portfolio approaches, such as pace layering, combined with increased cloud adoption are profound: You cannot predict which or where future applications will be deployed, and these, regardless, will be changing as your portfolio evolves. This means you must have a strong core competency in application integration. In the past, different business and technical needs within organizations led to separate A2A and B2B and cloud projects, which different organizations within IT addressed. Typically, these different organizations selected the technology that best met their particular integration project needs, without worrying about other parts of the organization. This wasn't a problem because vendor offerings were strong in one area, such as A2A, but not in others. But things are changing. Organizations are much more aggressively seeking holistic solutions to integration. Vendors are working to strengthen their portfolios for project types where they are weak or where they seek to gain a competitive advantage. For example, Tibco Software acquired Foresight and Proginet; IBM acquired Cast Iron and Sterling Commerce. The result is a collection of vendors whose offerings contain features that enable organizations to use their offerings for all types of projects, including A2A, B2B and cloud-to-on-premises integration. The move to single sourcing is emerging because it appears to be a less-expensive alternative to using different technologies from different vendors for different project types. This move is occurring because organizations can now get well-regarded products that address A2A, B2B and cloud-to-on-premises integration requirements from a single vendor.
Messaging Technology: A platform that establishes an interoperability layer that supports interactions among components via a variety of protocols (HTTP/plain old XML [POX], SOAP, Internet Inter-ORB Protocol [IIOP], .NET remoting, message-oriented middleware [MOM] protocols, file transfer protocols and others) and interaction styles (request/reply, conversational, publish and subscribe, asynchronous messaging, and others). Reliable, once-only delivery of messages should be an available option. Adapters: Technology that combines design tools and runtime software to implement programs that act as "glue," transforming among protocols, connecting to databases and linking pre-SOA application programming interfaces (APIs) to the SOA backplane. To support B2B projects, adapters would also need to support SOA services using B2B protocols such as Applicability Statement 1 (AS1)/Applicability Statement 2 (AS2), RosettaNet and Electronic Data Interchange for Administration, Commerce and Transportation (EDIFACT). Translation: Syntactic conversion and semantic transformation, including ease of use and reuse, number of built-in functions, ease of extending the transformation function with custom-coded logic, and XML support (for example, schema or Extensible Stylesheet Language Transformations [XSLT]). Choreography: Technology that hosts the execution of process logic spanning multiple back-end services or applications — typically for short-term (seconds or minutes) processes that can occasionally also be long term (hours, days, weeks) — with the aim of implementing composite services or automated system-to-system processes. The state should be maintained for the duration of the logic (for example, a partner interface process for RosettaNet).
Tactical Imperative: Governance must begin with tracking, policy, metering and context. Brokerages can provide a needed place to capture this information. Governance provides essential functionality and several opportunities for extended services to CSBs. Users and service providers alike can benefit from considering how governance and the cloud can be combined. As applications increasingly use functionality outside the internal application infrastructure (frequently through the use of Web API), the need for governing functionality sourced outside the firewall becomes more important. Application services governance is made up of two streams: API management and SOA governance. Both streams share a great deal of policy management, especially during the operational life cycle stage of services/API. There will be more governance in cloud and B2B, and more cloud and B2B in governance. For example, Exostar and Covisint deliver e-commerce-oriented "app store"-like platforms that emphasize high levels of security and governance for the compliance-sensitive markets they serve (e.g., aerospace and healthcare). Partnerships between SOA governance and API management technology vendors, B2B integration service providers and cloud services providers will be increasingly common in the near future.
Lets drill into the broker platform a little deeper. Today off the shelf CSB technology enablement platforms exist to build host and deliver the broker service layer. This is typically a multi-tenant architecture that can service departmental needs. For the consuming department this may involve identity SSO or credential mapping for users to access SaaS provider apps, tokenizing or encrypting sensitive PII personal data to meet regulatory compliance concerns before pushing data and content to cloud provider platforms, proxing internal application API with enterprise class security before allowing consumption by partners, orchestration of VMs and services to deliver composite applications, or even to add value added services like moving large volumes of Big Data workloads for analytics. Its clear the cloud API plays an increasingly pivotal role in authentication, integration, security, and data integration for the CSB layer.