Brian Suda has sent me a link to a conversation between Bruce Schneier and Marcus Ranum, in which Bruce says:
"By 2017, people and organizations won't be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We're starting to see this trend today, and it's going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won't have a lot of control over their security."
Well, unsurprisingly I agree. The threat is that companies are going to find themselves locked in. Before someone shouts "open standards" - I don't believe they are sufficient to ensure portability.
However, companies can act in a way to overcome this problem - the answer to this lies in the prisoner's dilemma.
First, let's assume that much of IT is ubiquitous and of little strategic value. The only real advantage that can be gained is through efficiency and for this reason various XaaS providers look attractive. However, the downside to this is the risk of lock-in and the lack of any portability and choice between providers.
Secondly, if there were portability and choice between providers then there would exist a competitive market. Such a market would reduce the cost of XaaS to the consumers; for the producers, however, their product would be a commodity. Providers are unlikely to offer this portability despite there being very good strategic reasons for being the first mover.
So the situation here is that consumers (i.e. companies) of XaaS want to adopt it in order to gain efficiencies and hence some operational advantage (no matter how short-lived) but they don't want the lock-in. For consumers to get this, providers would have to work against their natural instincts.
If we assume that eventually all companies would move to XaaS and that IT is predominantly a cost of doing business, then the best move for companies would be to collectively move to a portable XaaS market. Of course, this requires collective agreement and hence we have the issue of the prisoner's dilemma with providers trying to entice companies over.
So I take interest in organisations like DataPortability and suggest that there is a need for such an organisation to act as a trusted intermediary on behalf of all customers (companies included) and to push forward the concepts of a portable XaaS market. I also believe it is about time that companies who are consumers of such IT work in concert through such intermediaries to ensure that their interests are served.
The alternative? Well, it's just like Bruce says: the world would be dominated by "telcos, large ISPs and systems integration".
It doesn't have to be; there is an opportunity here to create a functioning market through open source. Of course, if we do head down the direction which Bruce is concerned about ... we will eventually end up with Government intervention.
