Whereas a few years ago one might have still been asking the question about where the money is in Cloud, and whether most of it is on the free side of freemium, this argument is now passé. The evidence in 2016 shows that the huge forecasts were realistic, and that the big guns in the traditional software world are 'moving and shaking' in Cloud, along with the young Turks: the hyperscalers like Google, force.com and Amazon. The big guns like Microsoft and SAP are moving so rapidly into the market that they are making all their growth from Cloud. What is more, these companies are doing so profitably, despite the fears that Cloud-based utility models carry lower margins than the old way of selling software. SAP are predicting that the crossover point between Cloud and traditional business will be reached in the next few years, while Microsoft could make 30% of its total sales from Cloud services by 2018.

Much of the early adoption of cloud services was on the 'lite' side, e.g. cloud security applications such as managed firewalls, email and web content filtering, virus and spam detection, along with hosted email and collaboration services, and when integrated, Unified Communication as a Service (UCaaS). The latter includes hosted PBX services and Skype for Business (stand-alone or bundled with Office 365). These do not involve committing the company's IT crown jewels to an unnamed server in an unknown remote location. Some of these are also services that ISPs have been providing for years, even before the term Cloud became mainstream - but they clearly tick most of the boxes. Ironically, these are services that are widely adopted for the enhanced security they offer - in stark contrast to the oft-cited fears of security breaches and loss of control that inhibited wider adoption of cloud-based applications.

And then there was the one business application that was really the first to make it big in the cloud, namely CRM, best typified by Salesforce and MS Dynamics. The distinction between such business applications and UCaaS is rapidly blurring as integration between these former silos is the new wave of development. This means, for example, that you no longer have to leave your ERP or CRM application to initiate a virtual meeting in the cloud, including call control features that allow participation on mobile phones. These are relatively new developments, meaning we are still in the early stages of adoption. Some large enterprises - notably including a major South African bank - are developing their own integrated enterprise banking applications with just such integrated UCaaS functionality.

UCaaS applications are easily adopted by businesses of all sizes. Many cloud services are especially well suited to small and medium enterprises (SMEs), relieving them of the need to invest heavily into their own server infrastructure, and related skills and administration hassles. However, the situation in South Africa is atypical with most of the action in the cloud business application space to date has been in the larger enterprise market. Now that SAP and Microsoft are pushing hard into cloud, we are seeing a higher level of uptake of enterprise applications, including ERP and the productivity suite with Office 365. Microsoft's sworn commitment to the cloud as a fundamental strategic thrust is notable in this regard.

The industry has taken pains to educate the market on the extent to which security concerns have been addressed, or are simply ill-founded to begin with. The service providers' reputations hang on this, and they have gone to great lengths to ensure that their environments are secure and safe - in fact a lot safer than those that the average company might provide in their own environment. Security has become a selling point. Some ISPs see off-site backups as the low hanging fruit to attract customers into their data centres for a single outsourced process that is easy to motivate and also easy to cost-justify. Once there, they may be attracted to move other functions and applications across. The reality is that the hyperscalers like Microsoft, Google and Amazon will always win on scale and that argument extends to security - something they have to invest heavily into, for their own business' sake.

Depending on the nature of your business, and your customer data, it is also important to consider where your data resides - the question of 'data domicile'. South Africa does not yet have a comprehensive legal framework in place in this regard, but there are a few relevant pieces of legislation. The Protection of Personal Information (POPI) Act is a specific instance, and is the closest SA has got to data protection, which could therefore be said to apply to data stored in the cloud. A SARB Guidance note 5/2014 provides requirements for the outsourcing of functions within banks and emphasises that banks should realise the significance of cloud computing initiatives and offshoring of material IT business activities and functions. Similarly SARS has also laid out conditions for offshore storing of accounting records. SMEs may often be less aware of corporate governance requirements than large companies, especially those in highly regulated industries such as banking. Ultimately, it all depends on the nature of the information you are dealing with, and the sensitivity around that information. If data domicile is an issue, a hosting service provider will generally give you the option of local-only hosting.

Larger companies are typically following the 'hybrid cloud' approach: first implementing applications in a private cloud environment, getting familiar with the architecture, and then gradually or selectively implementing some elements in the public cloud environment. It is not a case of 'all or nothing'. Over time one may elect to expand the range of applications or implement a hybrid solution, which allows bursting into public cloud when the situation demands. So for some infrastructure and applications you may be comfortable, and for others you would rather 'hug your server goodnight'. It all boils down to your assessment of risk - and whether you perceive cloud services to be a more secure solution rather than the opposite, and ticks all the other boxes.