by Ed King
Back in 2011, an eternity ago in Cloud time, Gartner Research first coined the term Cloud Service Brokerage (CSB) and defined the three primary brokerage roles of Aggregation, Integration, and Customization Brokerage1. Since then the adoption of CSB has expanded from the public offering to both public and internal projects, which will have a, significant and enduring impact across many vertical markets. CSB now even has its own Hype Cycle2 of research at Gartner. Despite the large volume of published work by Gartner, there is still widespread confusion about what exactly a CSB is. The confusion is further compounded by software and service vendors “CSB-washing” their solutions in an attempt to garner coverage from analysts and press. In this article I will attempt to give you the cheat-sheet version of CSB: What it is? Why do you need it? What does it mean to IT? What do you need for an internal CSB?What Is A CSB?
First and foremost, a CSB is a service, not a software product, not even a software-as-a-service (SaaS). Any number of Cloud-based or on-premise technologies may be used to deliver a CSB service, but the technology used has little relevance to whether a solution qualifies as a CSB. A CSB is a value-added service for other Cloud-based services. Such services can range from the single sign-on across SaaS, to integrating flows of data between, say, a CRM and a marketing automation SaaS, to adding a management layer across infrastructure-as-a-service (IaaS) vendors. The types of brokering services fall into three patterns according to Gartner: Aggregation, Integration, and Customization Brokerage. The order in which these appear reflects their respective share in decreasing amounts of the CSB market as well as technology challenges from easiest to most difficult. You will be hard pressed to find any CSB that falls exclusively into one of these three patterns. It is always a combination of at least two patterns.
Why Do You Need CSB?
It may come as a shock to some, but each Cloud-based service is a technology silo. There is no doubt that Cloud-based services bring tremendous value in terms of operational cost savings, elasticity, and usability. On the flip side, Cloud-based services have an opaque infrastructure and offer limited integration interfaces, usually in the form of REST APIs. Traditional application and data integration technologies do not work well against Cloud-based services due to the lack of access to data repositories and low level Java or .NET APIs. To improve the user experience and the management of silo Cloud-based services, you need CSBs. A single sign-on CSB can help improve user experience. A management CSB can enable dual-sourcing of Cloud-based services for disaster recovery, cost optimization, or risk remediation. It is ultimately the responsibility of the enterprise to ensure that the Cloud-based services it is using offer a good user experience, are used in a secured and governed manner, and do not introduce excessive risks.
What Does It Mean To IT?
If you work in IT and have yet to come to the realization that Cloud is here to stay, then now is the time you need to come to terms with it.. Modern IT organizations need to realize business users now have the means to bypass IT and procure their own IT solutions if they do not get the support they need from internal IT. This is the so-called shadow IT challenge. Modern IT departments need to embrace Cloud-based services and figure out how to leverage Cloud’s benefits and add value to further improve the Cloud usage experience, manageability, and security. This can be done by introducing various types of CSBs, whether commercial or internal. Yes, it is quite popular for IT departments to play an internal CSB role.
What Does It Take To Deliver An Internal
If you have determined that none of the commercial CSBs quite fit your requirements and that you need to develop your own CSB capabilities, what are the key components you need? The core technology pieces you will require are:
- business process automation;
- identity federation;
- API gateway; and
- monitoring and logging.
Whatever CSB functions you are building, it will likely involve some business process, so you will need capabilities such as workflow and task management. Before any APIs can be called and data exchanged, the enterprise must have the means to authenticate and authorize access to and from its on-premise infrastructure and the Cloud-based services. This means having the ability to support a federated access model using protocols such as OAuth 2.0, and to integrate with on-premise identity management infrastructures such as those from CA, IBM, and Oracle.
Since most Cloud-based services rely on REST APIs as the integration interface, API Gateway technology is central to brokering the communication between these Cloud APIs to any on-premise systems. This gateway functionality is sometimes also referred to as a Cloud Service Broker or Cloud Service Access Broker as it provides a trustworthy and reliable onramp to Cloud services, allowing businesses to consume, monitor and manage them in the same fashion as their own internal services. Finally, monitoring and logging of these transactions is critical to ensure traceability and integrity, especially to support any billing and charge back requirements.
In summary, a CSB greatly helps in the consumption of Cloud services by brokering the connection to the services, smoothing over interoperability issues. By doing this, a CSB enables the promise of Cloud, and itself is a business model in its own right. It applies just as much to internal services, and internal IT, as it does to external services. The message of CSB is that the hype is deserved.
IT Glossary: http://www.gartner.com/it-glossary/cloud-services-brokerage-csb
2Hype Cycle for Cloud Services Brokerage 2012”, Michele Cantara, 30 July 2012, Gartner Research Document ID:G00234256