Microsoft
Cloud computing at RSA: It’s not all fluff
Mar 5th
he RSA Conference invited several guest speakers to talk about a variety of topics surrounding cloud computing, including security, value propositions and cost savings to consumers and IT departments which want to reduce costs of information storage. Guests offered various views on scalability, security risks and efficiency models that indicate that there are significant value added services that can reduce IT costs dramatically.
For consumers, the decisions of IT services used by various sized businesses convinced into using cloud computing affects how cloud information and products are used, and how the vendor manages and protects information that potentially exposes you to events beyond your control. Businesses recognize these potential risks and are aware of impacts they may bring upon themselves if cloud computing services are vulnerable.
The evidence is clear – networks are hacked into everyday. Credit card information, transaction records, bank account information, personal identification records, etc. are retrieved through network intrusions regardless if they are stored in managed private networks or outsourced to public cloud based providers. So what makes sense to implement?
Value propositions of shared infrastructure costs spread over a number of customers at a central data center repository suggests that there are significant savings to be had by entering into Cloud based network services. Cloud computing offers different architecture designs, some are good and some are poor. Those that are enabled with shared data drives, network switches, routers, firewalls, intrusion detection systems and VPN domains and hardware should be thoroughly reviewed and analyzed during your service provider review. Consumers have little choice — and little knowledge of how CIO’s and IT departments make these choices.
The components involved in making such decisions are pretty basic, yet continue to be immersed into classic Fear, Uncertainty and Doubt (FUD) debates. Network hacking and intrusions into large network infrastructure such as Google, Intel, Yahoo, and financial data centers are everyday news.
Should something go wrong…
Are the advantages of Cloud computing compared in-house management of data worth the risks or not? Are the financial savings gobbled up in tarnished image and damage control? There are white papers offering several views on the subject here on ZDNet. You can decide from a technical merits perspective if the human and hardware costs savings can make a difference to your IT budget. These key benchmarks of return on investment can be categorically stated and offer ‘reasonable’ accuracy in financial reporting terms.
What cannot be put into the financial statement or projected costs savings are the unknowns in your company’s brand protection should something go wrong. Other considerations are litigation, insurance (risk) costs, and other service liability claims that could arise.
Soon to be a part of the equation are privacy and document responsibility protection costs that are not possible to calculate because the laws concerning how you protect your customer information are in a state of flux — and tort reform is not likely to be addressed in the near future. The more information is stored in central repositories where information about you is collected and used from single source environments, the more risk is taken upon by the provider of cloud computing suppliers. In a business environment that currently is experiencing difficult cost saving exercises, cloud computing is a potentially attractive option. In the current political environment the old business mantra of: ” too big to fail” is no longer true. Just ask GM, Lehman Brothers, and just about all pension funds. Today, a lot of companies have significant IT costs that potentially hinge upon whether or not they become the next dead, nearly dead, or put on life support entity. This may trigger how much risk a company undertakes managing information and intellectual property.
Consumers in many ways have simply become numb to it all. It’s almost acceptable that it is going to happen and why fight it. The tolerance level appears to be very high to potential impacts to an individual’s information. But how much more are people willing to take before it’s too much – let alone too late to fix? The tolerance to credit card fraud has been acceptable in the past because the consumer has never been liable for damages. But as people become accustomed to electronic health care records, personal profile data and purchasing history becoming intermixed and interconnected, that may change how much risk and tolerance consumers are willing to put up with.
Even Google is vulnerable
It was OK when it didn’t happen to you, but when it does, the tune suddenly changes. Data centers that are operated by third parties invite more than just criminal intent, including government oversight, profiling, personal attack, manipulation and legal litigation that may wind up being more expensive to you and the company that entered into a cloud computing service than realized. In fact, I would suggest that cloud computing service providers like Google are exposed to legal and financial risks that could lead to their demise.
In the United States, government agencies like DOJ, FTC, FITC, FBI will be of no help until after the fact. They simply pick up the pieces after an incident occurs. There are no regulations or federal guidelines that are enforceable in a cloud computing environment prior to commencing service. The privacy and criminal laws are not certification or compliance elements. ISO standards and other litmus tests are not mandatory, nor are they sanctioned by any government agency. In some countries, like Canada and Australia, there are requirements with respects to privacy and information security to be in compliance with concerning management of information, but not how they are physically stored within a cloud provider’s infrastructure. Insurance companies are just beginning to learn how to offer product liability products concerning Cloud service providers and they will require certifications like IS0 27001 and SAS70 reviews.
Of particular concern is access to information by government authorities. By hosting your information with third party entities, you may not be even aware of search warrants and monitoring by government agencies and this creates potential vulnerabilities that are not only beyond your control, but potentially damage your company’s credibility - permanently. Processes, policies and jurisdiction issues are upcoming hot spots creating significant legal and ethical questions that are not transparent. Service providers can stress that they have the best security and controls in the world. They are no good to you as a company or individual when the authorities knock on their door and you don’t even know.
Criminal and intelligence communities’ attraction to attack such a valuable commodity will always be in demand. Consumer sympathy, complacency and tolerance will collide and cannot be relied upon for recovery. Cloud computing is an appropriate description for such services. CIO’s and consumers need to understand that SOME clouds may look like nice fluffy places to park your data, others but they can turn out to be towering cumulus clouds emitting thundering lightning bolts that eventually hit you, maybe more than once, and leaving nothing behind.
Related posts
How To Move Your Business To The Cloud
Mar 5th
Tips for evaluating and implementing cloud computing technologies.
How in the world does a chief information officer or information technology professional cope with the challenge of delivering solutions for the second decade of the 21st century when they are saddled with 1980s technology?
Add the issues surrounding reduced budgets and the ongoing knock on IT workers–that they do not respond in a timely manner to changes in business–and you have the setting for change. Both in how IT delivers solutions and how IT needs to change itself.
The good news is that for once in almost 30 years, software is changing. No longer are you stuck with simply new features using outdated technology. You now have an alternative technology solution. The historical technology providers are, of course, trying to maintain their hold on you and your budget dollars by marketing “internal clouds,” alliances that merge hardware and software stacks that imply “infrastructure to application” environments but totally miss the point and the benefit of cloud computing. But of course you would do this, too, as part of the innovator’s dilemma.
As a CIO, how does your company take advantage of this changing technology and business model called the cloud?
There are a few things to consider with cloud computing. First, a number of research firms suggest that cloud implementations can take up to 50% less time, and total cost of ownership can be up to 46% cheaper. Both of these are shown in numerous white papers provided by cloud solution providers, and for the most part are reflective of the power and benefits cloud computing can provide.
However, one caution: Should you need or require multiple integrations, go cautiously. Integrating cloud solutions to on-premise solutions still takes time. Although somewhat less expensive, it still can add to project costs. Also, ERP cloud providers have some perverse view that makes integrating their solutions with other necessary cloud solutions very difficult. This is still the throwback to the “old software model” where your vendor “knows best.” Key takeaway: As you get into cloud computing, make sure your vendors not only have robust application programming interfaces, but also that they have demonstrated those integrations with other vendors you may be considering.
Another consideration in cloud computing is the vendor’s openness regarding service-level agreements, disaster recovery and security. Even the larger providers have their outages, but they still deliver higher uptimes than your internal data centers. However, with newer vendors and providers, make sure they are invested in your SLA so it is not just a contract term.
Final consideration for you in exploring cloud computing solutions: customization. One of the key benefits of cloud computing is the ability to customize the solution to some degree. So you have the advantage of changing the cloud solution to your process and behavior; with on-premise solutions, you need to change your behavior to their process.
Cloud computing will change your internal business model. It allows you to significantly reduce your capital outlays for hardware and software.
Related posts
Microsoft on Cloud Computing: Live Webcast 1PM EST
Mar 4th
The Cloud: Exciting New Possibilities
Microsoft CEO Steve Ballmer discusses Microsoft’s cloud computing strategy. Watch the live Webcast March 4 at 1:00 p.m. EST/10 a.m. PST.
LIVE WEBCAST
Related posts
Cloud Computing Investing Ideas
Mar 2nd
“Cloud Computing” is a new buzzword (or is it buzzwords?). Everybody is talking about it and most people don’t understand it. I will try to review the current state of cloud computing from an investment perspective and possible future developments in the area.
IT expenses are huge in most companies. At least that’s what any manager (with some exception) will tell you. To reduce those expenses, companies have adopted various business practices: cutting the number of personnel (usually with disastrous consequences later), appointing MBAs as IT department managers, buying software packages instead of in-house development (not a bad idea) and, of course, outsourcing (with the whole spectrum of results, from awful to great). In most cases, IT costs have ignored all heroic efforts of managers and have continued to grow. They continue to grow for two reasons: IT does more work every year and most of the efforts of managers are counterproductive- they actually increase costs instead of cutting them.
Looks like managers see cloud computing as a great new way to cut IT costs. They are both right and wrong. They are right because when implemented properly, cloud computing can cut costs and/or increase productivity. They are wrong because there is no such thing as a free lunch and correct implementation still costs a lot of time, effort, and money.
In the news, especially investment news, there are three different IT developments which are lumped together under name of “cloud computing”. Below is a quick review of them.
Internal Cloud
Also called server farm, this is a new way of organizing computing infrastructure. Companies set up big server farms with thousands of individual servers. Servers belong to the company, although management might be outsourced. The biggest plus of internal clouds is the fact that all data is kept on company’s own hardware. Usual features of such farms include: virtualization, automatic computer management and virtual networking. I am not going to explain all these terms, there are enough explanations on the Web. The first server farms, as far as I know, were used by Web oriented companies, such as Amazon.com (AMZN), Yahoo! (YHOO), Ebay (EBAY) and Google (GOOG).
But for investors, the most interesting companies are those which provide hardware and software solutions for internal clouds. The biggest of them are: Dell (DELL), HP (HPQ), IBM (IBM), Cisco (CSCO), EMC (EMC) in hardware; and in software, Microsoft (MSFT), VmWare (VMW), Oracle (ORCL) (which is also a hardware vendor after buying Sun Microsystems). There are also a lot of smaller players, but judging by the latest earning report from Brocade (BRCD), competition is stiff and prospects are not certain.
External Cloud
If the idea of storing data on somebody else’s hardware doesn’t scare you, the cloud itself can be outsourced. Currently, Amazon, Google, Microsoft, AT&T (T) and a lot of smaller companies provide this kind of service. I think that Amazon and Google have an advantage here, both because they are better at managing relationships and have better hardware/software combinations. Microsoft’s policy of using exclusively the Windows operating system is a drag on performance, while Amazon’s and Google’s reliance on Linux is a plus. AT&T is at a disadvantage here as well, because its problems with customer service are not restricted to the mobile phones area.
The companies provide virtual machines to their customers, with the operating system of the customer’s choice. But Linux is a better base for virtualization than Windows. Unfortunately for investors, external cloud doesn’t look like a significant piece of business for any of these companies or any other big companies which might get into it. Possible candidates are IBM, Ebay, Yahoo!, Dell, HP, Oracle. Of specialized companies, I only found Rackspace Hosting (RAX) and Enomaly, which is not public (yet?). I don’t know if specialized companies have any chance inside of the herd of elephants, but Rackspace is on my watch list.
Software As a Service
I don’t really know why is it often called “cloud computing,” it has nothing in common with the other two. These are suites of applications provided to businesses online, usually through web browser interface. True, companies providing applications might use internal or even external computer clouds, but the business model is completely different.
From my point of view, this is a very interesting development. There is only one problem for the companies here: data is kept on devices which belong to a different company. But in this case, companies don’t need expensive IT departments to run the application. It’s not a big help to big companies, which use hundreds of different applications, including a lot of custom built. But for a small company, which needs less than a dozen applications, this is a very interesting proposition. Current competitors in this area: Salesforce.com (CRM), Oracle ORCL), Rightnow Technologies (RNOW).
Salesforce.com is a leader, and any independent company is a possible acquisition target for Oracle and SAP (SAP). There is a possibility that Microsoft might get into this business, using acquisitions or internal developments, but so far I don’t see any indication.
Of the above mentioned, software as a service is the most interesting investing area. I’m looking at Salesforce.com often, but the stratospheric P/E scares me every time. I might be wrong and the P/E might be justified. For internal clouds, software companies look like the best bet with VMW being the leader. I don’t see any investing possibilities in the external clouds yet. I am long GOOG for different reasons and I think that AMZN is a great company, for other reasons as well.
Related posts
Cloud vs. in-house: Where to run that app?
Mar 1st
Options include public clouds and external private clouds. Here’s how to choose wisely.
Computerworld – One of the biggest decisions IT managers have to make is how and where to run data center applications. Fortunately, there are multiple choices that lower costs and increase business agility, including server virtualization, internal clouds, public clouds and external private clouds.
Many IT organizations are taking advantage of these options. Server virtualization is currently being used by more than 70% of enterprises to reduce costs, and cloud computing is being used or planned for use by more than 10% of corporations, according to Antonio Piraino, research director at Tier1 Research.
It can be confusing and difficult to determine which cloud environment to use (see sidebar below for descriptions of the most popular types of clouds). There are few, if any, guidelines, and each company will almost certainly have a unique discussion about its choices because each will have varying requirements and different views of what cloud computing means.
To take advantage of the new opportunities afforded by cloud computing, IT organizations have to learn the differences between server virtualization and various types of clouds, and understand the risks associated with using each execution environment in terms of the characteristics of various applications.
What is a cloud?
One may wonder why there’s an interest in cloud computing when server virtualization is already providing significant cost savings by reducing the number of physical servers that enterprises buy. But it’s not the same thing at all.
Different clouds to choose from
There are basically two types of clouds: public clouds and private clouds. Cloud types can generally be characterized by their location (on-premises or off-premises) and the perceived degree of security that they provide.
A public cloud is one in which a cloud service provider makes resources such as servers, storage, networking and, possibly, applications available to users over the Internet. Public clouds are off-premises by definition. A customer’s applications may be running in an intermingled style on the same physical server as another customer’s applications, meaning public clouds are multitenant. Public cloud services, such as Amazon’s EC2, are usually offered on a pay-per-usage model — you pay for what you use.
Private clouds take two forms: internal clouds and external private clouds. An internal cloud is inside your data center (on-premises), giving IT managers complete control over the available resources. A typical internal cloud relies on the security measures available within the cloud and within your data center. Ubuntu Enterprise Cloud and Microsoft Azure are examples of packaged software for creating internal clouds.
External private clouds combine characteristics of internal clouds and public clouds. They are like public clouds because they are off-premises. But unlike public clouds, applications run on dedicated servers, and the cloud provider has built container walls around the external private cloud to make it more secure than public clouds. IT managers have more control over the resources in a private cloud than over resources in a public cloud. Amazon’s Virtual Private Cloud is an example of an external private cloud.
“Clouds provide automation and orchestration not found with server virtualization,” says Jeff Deacon, cloud computing principal for Verizon Business. (Although Deacon’s day job is helping figure out which of Verizon’s internal applications should go on the cloud, his company also sells a public-cloud offering called Computing as a Service.)
In other words, Deacon says, cloud computing involves imposing a layer of abstraction between the applications and servers — physical or virtual — that automates many tasks typically done manually.
“Clouds can be viewed differently, depending on what you want from a cloud,” adds David Escalante, director of IT security at Boston College. “We view cloud computing as running software applications that you would normally run in your own data center in someone else’s data center. It is very important to create a definition of cloud computing for your organization.” Armed with that definition, Boston College can focus on determining whether cloud computing is right for its data center needs, and which applications can be run on clouds.
Because clouds are based on virtualization, applications have to be virtualized before being moved to any of the cloud environments. But some cloud vendors can help with this, especially if the vendor supports a specific hypervisor.
On the other hand, organizations that already have their applications virtualized in a server virtualization environment may be able to move them to a public cloud without any extra work. Also, the operating systems supported by server virtualization and clouds play a role in where applications can be run. For example, clouds based on Microsoft’s Azure support only Windows applications.
Related posts
CA Acquires 3Tera To Boost Presence In The Cloud
Feb 24th
SLANDIA, N.Y., February 24, 2010 – CA, Inc. (NASDAQ:CA) today announced a definitive agreement to acquire privately-held 3Tera®, Inc., a pioneer in cloud computing. 3Tera’s AppLogic® offers an innovative solution for building cloud services and deploying complex enterprise-class applications to public and private clouds using an intuitive graphical user interface (GUI). Terms of the agreement were not disclosed.
With 3Tera—which follows CA’s recent acquisitions of Cassatt, NetQoS and Oblicore—CA continues to aggressively expand its portfolio of solutions to manage cloud computing as part of an integrated information technology management program.
3Tera enables enterprises and service providers to provision, deploy and scale public and private cloud computing environments while maintaining full control, flexibility and reliability. 3Tera also makes it easy for service providers to offer application stacks on demand by adding applications to the AppLogic catalog, where they can be deployed to a low-cost, shared cloud infrastructure. 3Tera’s customers include more than 80 enterprises and service providers globally, which use the cloud computing technology to provide services to thousands of users.
“CIOs can use cloud computing to build and manage a new type of IT ‘supply chain’ across today’s virtualized internal and external technology infrastructure,” said Chris O’Malley, executive vice president of CA’s Cloud Products & Solutions Business Line. “3Tera technology is a powerful addition to the total solution CA provides for optimizing these high-value supply chains—from the mainframe to the cloud.”
Rapid, Simplified Cloud Enablement
Using the intuitive GUI and drawing from a catalog of pre-configured virtual server and software components, AppLogic simplifies the design and deployment of composite applications as a single logical entity in the cloud. By unifying application configuration, application deployment, and a virtual server fabric—functions that are otherwise typically performed in a fragmented manner—AppLogic helps reduce costs, improve productivity and increase service quality.
“3Tera eliminates the manual, error-prone tasks that have historically hampered an organization’s ability to deploy IT services to the cloud,” said Barry X Lynn, CEO of 3Tera. “As part of CA, we can bring rapid and simple cloud enablement to a dramatically larger group of customers, leveraging the thousands of CA sales, services and support professionals.”
In addition to AppLogic, 3Tera provides a cloud computing marketplace that allows software vendors to provide developers with production-ready cloud components and full applications that are available on a pay-as-you-go basis. This greatly facilitates exchanges of value between developers, service providers and customers.
Integration with Virtual and Physical Management Technologies
By streamlining cloud-based deployment of composite applications, 3Tera adds significant new capabilities alongside CA’s existing virtual and physical infrastructure management functionality—including that provided by CA Spectrum Automation Manager, the CA Service Assurance line of products, and the recently acquired assets of Cassatt and Oblicore.
CA plans to integrate AppLogic with these and other key technologies to provide customers with a comprehensive set of tools for delivering, managing and optimizing cloud computing as part of overall enterprise IT environment. CA also plans to extend support of 3Tera, which currently operates on the Xen virtualization platform, to include both VMware ESX and Microsoft Hyper-V™.
“AppLogic is a software platform that helps IT departments and service providers rapidly create and deploy cloud applications,” said Rachel Chalmers, research director at The 451 Group. “By adding this technology to its own strengths in IT management, CA is offering an intriguing value proposition to customers who want to both take advantage of the cloud’s adaptability and maintain rigorous control of the their virtual service delivery infrastructure.”
To learn more about CA and cloud computing, visit http://www.ca.com/cloud.
Related posts
Cloud Computing & Natural Monopolies
Feb 24th
Mike Kirkwood of ReadWriteWeb recently wrote a piece asking the question “Will One Company Become the Dominant Player in Cloud Computing?” Kirkwood offered a series of arguments both for and against the idea of the market being one where a “natural monopoly” might occur and a few of his arguments are worth exploring in greater depth.
Addressing the potential for vendor lock-in (think Outlook .PST files), Kirkwood points out that cloud customers may demand data portability:
If customers demand solutions where they can move from vendor to vendor freely, it will impact the landscape. Companies with cloud solutions in the marketplace could be required by these customers to remove barriers to moving data and services between different entities.
Kirkwood should know that this is already happening. CRM solutions like HighRise by 37Signals and cloud-based office solutions like Google Apps already have these features built in. One of the biggest reasons that many companies are moving to cloud-based applications is because they’re weary of being locked-in to solutions that hold their data hostage. It’s doubtful that these exit doors will disappear when things like office suites, CRMs, accounting software, and other software categories are almost exclusively offered as cloud applications or web apps. Customers already expect and will continue to demand the freedom to move their data around—a new culture of data portability is being created as a part of the shift to the cloud and that consumer expectations may be permanently altered because of it.
So long as data is portable, it seems doubtful that any vendor will be able to gain anything near a monopoly status through the use of tired proprietary software shenanigans. Huge capital expenses, like those associated with setting up an Exchange server and installing the latest version of Outlook on hundreds of desktop machines is also a thing of the past. The massive upfront costs are being replaced by cheap subscription models that easily scale as a firm’s need for a given sort of software grows. This means switching to a new vendor in the cloud involves little more than an export and important of data, followed by an email supplying co-workers with a new URL, username, and password.
The one area that Kirkwood doesn’t explore which may have some potential for a would-be monopolist is exploiting possible network effects—the idea that everyone uses brand X because everyone else uses brand X. This makes sense when you think of something like Facebook, where the sole value of the product is derived from the fact that a lot of people use it—otherwise why would anyone use the abysmal site? But does this sort of logic apply to accounting software? Would I choose to use something from Intuit instead of FreshBooks because my friends use it?
No, but I might choose a software titles because my potential employees are more likely to already be familiar with it and those potential hires might choose to learn one software title over another because employers are more likely to be using it. This is the kind of a snowball effect that could give one vendor an advantage that has nothing to do with the quality of their product.
But here too I see the culture of the emerging cloud applications market being a strong force against this kind of software/employee compatibility lock-in argument. Aside from wanting to flee the world of proprietary standards, expensive servers, in-house IT staff, client-side software, and other technological nightmares that come with so many non-cloud applications, companies are fleeing the world of terrible user interfaces. The cloud based-apps that I use—BaseCamp, HighRise, MailChimp, Google Apps, FormSpring, WuFoo, Mint, as well as many others—are all orders of magnitude less daunting and needlessly complex than something like the UX abomination that is the Microsoft Office suite. (Hint: If the “plain and simple” guide to your software runs 384 pages, you’re doing it wrong.)
Cloud software creators seem to actually care about user interface, somewhat negating the notion of user training related network effects—fostering what I will now officially dub “user portability.” Again, one could argue that when some software categories become predominantly cloud-based, and cloud software creators are not longer selling the concept of web software itself along with their specific services, that this emphasis on user interface could be phased out in favor of making more “ribbons.” But because of the new culture of data portability, user portability is likely to be maintained as well because bad user interfaces will be punished through losing customers to a better UX that is just a export, import, and quick staff-wide email away.
I’m really interested to hear my fellow TLFers and our readers’ thoughts on this issue. Is the cloud a near-perfect market or am I just a naive idealist who doesn’t see the vapory beginnings of a future cloud monopoly looming in the distance?
