The Four Horsemen of Cloud Brokering

The concept of cloud brokering has been drawing more attention lately. In particular, Gartner has developed quite a bit of market analysis on the topic. Most of these analyses tend to focus on the business of cloud brokering. However, I find it insightful to consider the potential technology platforms associated with cloud brokering. Very often, the largest and most durable technology businesses are strongly intertwined with differentiated, scalable, hard-to-replicate technology platforms (e.g. databases, operating systems, search engines). By nature, these platforms provide a long-term, sustained competitive advantage. Furthermore, when it comes to corporate strategic investment or VC funding, the ability to articulate breakout platform opportunities can prove invaluable. Platform envy can significantly increase investors’ belief in a new and unproven business model such as the one we will be discussing here.


So, let us try to identify the four most compelling cloud brokering platforms, capable of fueling and sustaining large revenues within the emerging market of enterprise cloud services.

Security Brokers – The Cloud Firewall

The first platform candidate is the security broker. Security is certainly a key concern of enterprises contemplating the adoption of cloud services and infrastructures. CIOs and CSOs need a coherent security strategy to manage risk and compliance across cloud providers and architectures (private, public, semi-private clouds). Because of the heterogeneous nature of clouds, the proposed solution is to unify external security under a single security control point, the cloud security broker. Cloud security brokers become security hubs across multiple enterprises (tenants) and cloud services, allowing enterprises to harmonize security despite differences in cloud providers’ security frameworks, capabilities and APIs. The strategic technology platform underpinning this model is the cloud security gateway. This cloud firewall becomes the security control point for the cloud. Security brokers operate or manage these gateways. Initially, security brokers may get pinned down as identity and access brokers, but as SSO and access management quickly commoditize, information security and information management become the predominant value of cloud security brokering (e.g. encryption, data loss protection, rights management, backup, archiving, eDiscovery). For cloud security brokering, large security companies such as Symantec [Link to O3] should play an important role, since the platform becomes an essential delivery mechanism for security across mobile devices and cloud services. In addition to the emergence of cloud security brokers implemented as web security gateways, one should anticipate security to be increasingly delivered at the edge of the network by specialized cloud providers, a little bit like content is increasingly delivered through CDNs. This means that large network infrastructure providers such as telcos and Internet infrastructure companies such as Akamai should also play an important role, especially in the SMB segment, which already prefers a “no software” delivery model.

User Management Brokers – The Cloud Identity Hub

The second large cloud brokering opportunity is the “identity hub”. The identity hub is identity management as a service. In the long run, the identity broker replaces traditional enterprise IDM. In the short run, the cloud identity broker supplements existing IDM systems by enabling the provisioning and life-cycle management (profile management, credential reset, etc.) of users across external cloud services. In that sense, the identity hub is a virtual directory in the cloud. It brokers identity from the enterprise to external cloud providers. In today’s early days of cloud, legacy user repositories such as Active Directory or LDAP stores remain the enterprise's authoritative identity stores. Over time, as the center of gravity of IT shifts from on-premises to cloud, the identity hub becomes authoritative and starts governing identities across both internal and external applications. On top of these multi-tenant cloud directories, user management self-service, workflow and governance services emerge, making the cloud identity broker the natural heir of today’s identity management platforms. One should expect IDM companies to eventually dominate the space. However, many of these companies will be slow to embrace the cloud due to a lack of cloud DNA or fear of cannibalizing their legacy business. Hesitation may leave the barn door wide open for large SaaS vendors that already think of themselves as platforms and already host important elements of enterprise identities. CRM, collaboration and HR SaaS vendors such as Salesforce, Google, Workday or SuccessFactors (now SAP) come to mind as legitimate candidates to occupy the enviable position of identity broker within the cloud ecosystem.

Service Management Brokers – The Cloud & SaaS Marketplace

The third obvious cloud brokering platform opportunity is the cloud and SaaS marketplace. This cloud exchange is to the enterprise and cloud services what the Apple store is to consumers and their beloved devices: the mission-critical broker service that integrates, manages, fulfills and bills cloud services. This cloud broker is essential to the transformation of IT into a business enablement function (i.e. IT as a Service). As IT transforms into a service organization focused on agile business enablement, some primitive capabilities become foundational: automated procurement of cloud services, on-demand provisioning of users and elastic deployment of applications. The enterprise SaaS marketplace becomes the metaphor for business functions and employees to access the new IT capabilities in self-service. IT itself becomes the ultimate broker, but it needs a specialized technology platform. The broker makes IT truly capable of enabling heterogeneous services while ensuring capacity, monitoring SLAs, and providing usage-based billing across the different groups and functions that comprise a large enterprise. Integration is another critical value-add of the SaaS service broker. SaaS marketplaces must therefore be more than simple SaaS stores; they must be thought of as end-to-end platforms that can support the dynamic meshing and flexible workflow composition of external cloud services across multiple providers. They need to be tightly integrated with corporate identities and corporate information as well. These are the characteristics of a true cloud platform and a potentially very large enterprise business. Cloud and SaaS marketplaces should be the promised land of the traditional middleware vendors and system integrators such as Oracle, HP, IBM, Microsoft or Dell, unless the dominant SaaS platforms manage to “force” their way into the new market to beat the incumbents.

Data Integration and Intelligence – The Cloud Datamart

The last and maybe the largest cloud brokering platform may turn out to be the cloud data mart. Son of Hadoop and Cassandra, this cloud broker rules the cloud data integration and intelligence markets. The business problem it will solve is the age-old IT challenge of business data integration and business intelligence. When corporate data actually resides across distributed cloud services and databases (HR, CRM, finance…), this old problem becomes a whole new ball game. The technology cornerstone is a cloud database: multitenant, distributed, yet capable of integrity. Think of it as an intelligent data warehouse infrastructure at the edge of the network, capable of logging, aggregating, and intelligently analyzing corporate information stored across multiple enterprise SaaS services. It is both a big data challenge and a cloud integration challenge. The cloud data mart needs to integrate with the CRM, HR and ERP systems of tomorrow. We already know that these systems and their data stores will no longer reside on-premises. A cloud database is a fairly thorny technical problem in itself. Cloud data integration is its business killer app. The technical and business requirements are extremely ambitious but rewarding. Can you imagine the next generation Oracle, Splunk and Business Objects as a single cloud offering?!

Business and technology predictions are good form at the beginning of a new year. Of course, these predictions will often be defeated by the devils of execution. Most are soon forgotten. Yet, there should be little doubt that the heterogeneous and distributed nature of the cloud creates large business opportunities for cloud brokers. The shift to the cloud screams for changes in technology platforms. With changes come land grab opportunities. As product people and architects, it is thought-provoking to imagine the lands we should set course for in order to find the new gold. Eldorado or fool’s gold, that is the only question.

*** This is a Security Bloggers Network syndicated blog from Blue Ocean authored by Nico Popp. Read the original post at: