Infrastructure as a Service – Global Providers
The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment. This Leadership Compass focusses on Infrastructure as a Service (IaaS) from cloud service providers (CSPs) with a global presence and with a specific focus on security and compliance. It considers these services in the context of the hybrid (on-premises and multi-cloud) IT services delivery model now commonly found in enterprises.
IaaS provides basic computing resources that the customer can use over a network to run software and to store data. There are several different use cases for IaaS that range from hosting IT services and disaster recovery through to the development and deployment of new or modernized applications. Increasingly, cloud services are used in conjunction with on-premises IT in a Hybrid IT service delivery model. Emerging use cases include AI and Machine Learning as well as the exploitation and management of IoT at scale. Each of these use cases has different priorities.
The responsibility for security and compliance in the use of cloud services is shared between the customer and the cloud service provider (CSP). The customer does not manage or control the underlying cloud infrastructure but is responsible for managing the OS and applications. The customer also remains responsible for compliance with laws and regulations governing the processing of data. The CSP is responsible for the management, security and compliance of the infrastructure providing the service.
This Leadership Compass report covers IaaS (Infrastructure as a Service) offerings that support common use cases and the Hybrid IT environment that is typically found in organizations on a global scale. It has a specific focus on security and compliance aspects from a European perspective.
1.1 Market Segment
The market segments for IaaS services are defined by the scale of operation and the richness of the service provided. There are several well-known global IaaS service providers. In the past, these global providers have been mostly based in the USA. However, there are now new entrants in this field based in other parts of the world. The services provided by the global CSPs are now being complemented by CSPs that provide more specialized offerings. These may be based on geographic locality, regulatory compliance or the level of professional services and service management that are included.
This Leadership Compass focusses on those IaaS services that cover the needs described above and that are delivered on a global scale. In this context, global scale means that the service is provided from and is available in multiple geopolitical regions including the EU/EEA.
Infrastructure as a Service (IaaS) provides basic computing resources that the customer can use to run software (both operating systems and applications) and to store data. IaaS allows the customer to transfer an existing workload to the cloud with minimal, if any, change. The customer does not manage or control the underlying cloud infrastructure but remains responsible for managing the OS and applications.
Increasingly IaaS providers offer extensions beyond this basic functionality to support several different use cases. To support these, service offerings now include pre-packaged services for middleware, databases and development tools. These common use cases include:
- DevOps - This is the most common starting point for cloud service usage as part of a digital transformation strategy. The service is used for the development and testing of new or updated applications which may then be deployed using the service.
- External Facing Applications – that are key to the digitalization of businesses. The use of cloud removes the need for capital expenditure and can support the fluctuations in demand. It can also provide a higher level of availability and improved response times where services are consumed across multiple geographies.
- Hybrid Workloads and Data - where the objective is to achieve some of the benefits provided by the cloud (e.g. scalability, availability or cost) while retaining control over certain security or compliance related aspects. This use case requires secure and performant connectivity and common management.
- Analytics and Machine Learning - the amount of data generated through social media, marketing tools, large scale networks of sensors typical of IoT, manufacturing and other processes can exceed the practical capacity of on-premises IT. The cloud provides a practical solution to provide data storage capacity and high computing power at a reasonable cost to analyse and exploit this data.
- Disaster Recovery - here the cloud service forms an important part of the organizational business continuity plan. Its use may range from providing a back-up of business-critical data, through to cold or hot standby services enabling continuous operation of business-critical applications.
1.2 Required Capabilities
The core features and functionalities that we are looking for include but are not limited to:
- Basic service functionality – the basic IaaS services provided such as compute, storage, deployment models etc.
- Hybrid cloud support - functionality provided for organizations to migrate and run all or part of existing workloads in the cloud service while integrating with on-premise IT services.
- Support for DevOps - support the development of new application functionality together with rapid transition of these into operational use.
- Availability - how the service ensures the continuity of the customer's service. This includes the resilience of the service infrastructure plus the capabilities provided for the customer to maintain their service in the face of point failures.
- Compliance – how the service enables organizations using it to comply with laws and regulations.
- Data protection – how access to the service and the applications and data it contains are controlled through features such as identity and access management and encryption.
- Cyber-security - how the service is protected against cyber-security risks and the help provided to its customers to protect against these risks when using the service.
- Consulting services – to support customers in their migration to and use of the service.
1.2.1 Basic Service Functionality
Here we consider the basic functionality provided by the Cloud Service. This must include compute and storage and support for Public / Private / Hybrid delivery models as well as basic networking capabilities. We also look at the range of OS types for which there are predefined images and middleware and application stacks with out-of-the-box support (e.g. Databases and Web). Also considered is the support provided for high performance features such as bare-metal servers, GPU and parallel processors such as Hadoop.
1.2.2 Enterprise and Hybrid Workload Support
Here we consider the functionality provided for organizations to migrate and run enterprise workloads in the cloud service. This includes the availability of consulting services to advise and assist with the migration of existing workloads and flexibility in the service contract to support specific customer needs. Technical measures we look for include support for secure hybrid connectivity (enterprise to cloud and cloud to cloud) as well as for customer-specific technical requirements such as IP address ranges. Also considered is the ability to specify that specific workloads can be physically co-located or separated from those of other tenants. To assist in migration, we also look for support for workloads based on hypervisors widely used within enterprises such as VMware. We also look for support for rapid “cloud bursting” from on-premise equipment based on demand and hot and cold standby functionality.
1.2.3 Support for DevOps
Here we consider the functionality provided by the cloud service to support the development of new applications as well as application modernization together with their rapid transition to operational use. This includes the range of development tools and methodologies supported by a predefined library of ready-to-use functionality, for example: Java™ code, Spring, Ruby, Node.js, and custom frameworks. It also includes the range of predefined application components available in a ready-to-use form, for example: MySQL, MongoDB, PostgreSQL, Redis, RabbitMQ, and custom services. We also look for support for containerization (e.g. Kubernetes and Docker) and functionality to deploy, monitor, manage and roll back workloads. Also considered is the provision of tools to support the development of secure applications including code scanning, dynamic testing as well as web application firewalls.
1.2.4 Analytics, AI and IoT
Here we consider the functionality provided to ingest, store and analyse large volumes of data. This includes data from diverse external sources including IoT devices. Analysis of this data needs special tools and processing capabilities to build and test analytic models. Increasingly, ML (Machine Learning) is being used and this needs tools to tag data, build, train, test and deploy analytics based on this. In addition, we look for integrated natural language, voice and vision capabilities.
1.2.5 Cloud Service Availability
Loss of access to the service or data can occur for a variety of reasons, some of which are technical and some due to other causes such as takeover or financial failure of the CSP. This area covers the extent to which the availability of the IaaS is assured and the options for the customer. Factors considered include the SLA offered by the CSP and how well the historical level of service delivered in practice matches the SLA, together with the measures taken by the CSP to ensure resilience of the service to the range of natural disasters and failures.
Also considered are the options offered to the customer to maintain their service in the face of point failures in the service or in their applications. These include the backup and recovery functionality offered and hot and cold standby functionality. Finally, we consider the non-technical risks to the service availability including the financial strength of the CSP and the extent to which the CSP is dependent on third parties to deliver the service.
In this area, we consider how the service enables organizations using it to comply with laws and regulations. Specifically, we are looking at the kinds of functionality provided by the service to support compliance and the independent certifications and attestations provided. Also considered are aspects around privacy and other legal issues such as the guarantees around the geographic location and processing of customers’ data and the policies regarding disclosure to customers of legal access requests to their data as well as disclosure to customers of suspected and actual data breaches.
1.2.7 Data Protection
This area covers how access to the service and the applications and data it contains are controlled through features such as identity and access management and encryption. Specifically, we consider the Identity and Access controls for the customer’s service administrators and for the customer’s service users. We expect to see support for standards such as SAML, XACML, OAuth etc., as well as integration with directory services such as Microsoft Active Directory. Finally, we consider what support is provided for encryption and pseudonymization of the customer’s data held in the cloud service and how the keys to encrypt the data are managed.
1.2.8 Cyber Security
This area covers how the service is protected against cyber-security risks and the help provided to its customers to protect against these risks when using the service. Specifically, we are looking for a clear definition of how responsibility for cyber-security is shared between the CSP and the customer and the cyber-security controls that are designed and implemented in the service infrastructure. We consider the physical security aspects including controls over access by CSP employees to the infrastructure and to customer data held in the service. We look at the network defences provided against external threats, the service controls that ensure separation between customers' workloads and data, and how the service is monitored to detect and respond to incidents. Finally, we consider the tools integrated with the service for the customer to meet their responsibilities for security such as vulnerability scanners, firewalls, intrusion detection and SIEM integration.
1.2.9 Consulting Services
This area covers the availability of consulting services provided to support customers in their migration to and use of the cloud service. We look at the range of consulting services provided directly by the CSP as well as those provided by partners.