Watch out for 'boiler room' cloud brokers
If cloud providers are also brokers, can an agency be sure its interests are put first?
Several years ago, Ben Affleck starred in a movie called "Boiler Room." In the film, a New York brokerage house buys up large amounts of stock in companies with low stock prices or a limited amount of outstanding shares. The shares are then considered "in-house" assets.
The stock brokers push clients to buy the assets, claiming that they represent exciting investment opportunities, rather than help the clients find investments that are best suited to their needs. The results for the clients are devastating. Although this was just a movie, it was based on the real-life practices of a brokerage house called Stratton Oakmont. (The recent film "The Wolf of Wall Street" is based on the memoir of one of the firm's founders.)
Now, unfortunately, it appears the federal cloud space could be heading in that direction as well. Many large systems integrators have entered the cloud computing marketplace as cloud service providers (CSPs). Several have invested the time and money to receive highly coveted certification under the government's Federal Risk and Authorization Management Program, which provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Because not all CSPs provide all required platforms and services, many federal agencies are seeing the advantages of using a cloud broker to buy services from multiple CSPs. And now some CSPs are interested in becoming cloud brokers as well.
The simple definition of any type of broker is an independent agent who brings together a buyer and a seller. So the question arises: How can a broker that is also a CSP truly be independent?
What's to stop a CSP turned cloud broker/integrator from selling "in-house" cloud services rather than those from other CSPs that might have a better mix of services for that particular customer? Even if a company says its CSP business is completely separate from its broker business, there is still a serious perception issue.
Many large government departments already fight a generally uphill battle to obtain buy-in from their component agencies on a centralized approach to IT. That persuasive effort will be much more challenging for a department that is planning an enterprisewide cloud procurement if the component agencies must simultaneously be convinced that a CSP can be an independent broker.
Preventing vendor lock-in while providing the ability to shift workloads to different providers is one of the greatest benefits of working with a cloud broker. Unfortunately, all those advantages are put at risk when the broker is not independent but instead is a seller as well.
What's to stop a CSP turned cloud broker/integrator from selling "in-house" cloud services rather than those from other CSPs?
Furthermore, CSPs in a broker role would not have the same independence to incorporate offerings from the growing list of providers in the cloud service marketplace. There could be complications resulting from a CSP brokering another CSP that essentially is a direct competitor. And a non-broker CSP could be reluctant to enter into a formal working relationship with a CSP turned broker out of concern that its competitor would gain too many insights into its business practices and solutions. And once again, the customer agency's interests could suffer from the limited options.
Furthermore, what happens when service-level agreements are not met? Can you imagine the finger-pointing that would occur?
For the sake of government customers and CSPs, it is essential for organizations to stay out of the cloud "boiler room." Firms should be CSPs or independent cloud brokers, but not both.