In discussions over the past few months with Microsoft and other cloud services vendors the issue the entire industry is grappling with right now is how to allow “untrusted code” to run in the cloud. “Untrusted code” seems to be defined as “code not developed by me” with “me” being the operator of the cloud services. This applies to any cloud services for applications as opposed to cloud services for host virtualization. The limitations seem to be tied to the fact that most cloud services vendors are still in the throes of migrating traditional private instances, or “on-prem”, software to hosted, multi-tenant environments that aggregate all of the complexities and requirements of “on-prem” software into a single location. This rush to the cloud is fundamentally changing software design and architecture. The answer isn’t web services and it’s not better virtualization. The answer is aligning maturity levels between consumers and suppliers of the cloud service providers. With all of the marketing tricks and schemes focused on driving adoption of cloud services distracting focus from implementation, at the end of the day it comes down to the customer and service provider being able to communicate and live with each other’s expectations; technically and operationally. Service providers need to be able to provide clearly understood technical and operational standards. Customers have to be able to understand and work with the impact these standards have on their applications and services. This drives a lot of cost into the equation of the founding business case, which is often missed.