Hybrid–The New Normal
From Cars to Clouds, The Hybrids are Here Most of us are hybrids. I’m Hawaiian and Portuguese with a bit of English and old time Shogun. The mix is me. I bet you probably have some mix from your parents which makes you a hybrid. The U.S. has been called the melting pot due to all the different ethnicities that live here. I’ve got hybrid seeds for planting – my grass is a hybrid that contains 90% of the fescue and 10% bluegrass so bare spots grow back and also got some hybrid corn growing. With the drought this year, some farmers are using more drought resistant hybrid crops. There are hybrid cats, hybrid bicycles and of course, hybrid cars which has a 3% market share according to hybridcars.com. My favorite has always been SNL’s Shimmer Floor Wax – A Floor Wax and a Dessert Topping! Hybrid is the new normal. Hybrid has even made it’s way into our IT terminology with hybrid cloud and hybrid infrastructures. There are Public Clouds, those cloud services that are available to the general public over the internet; Private (Internal or Corporate) Clouds, which provides cloud hosted services to an authorized group of people in a secure environment; Hybrid Clouds, which is a combo of at least one public cloud and one private cloud; and, what I think will become the norm, a Hybrid Infrastructure or Hybrid IT, where there is a full mix of in-house corporate resources, dedicated servers, virtual servers, cloud services and possibly leased raised floor – resources are located anywhere data can live, but not necessarily all-cloud. This past June, North Bridge Venture Partners announced the results of its second annual Future of Cloud Computing Survey which noted that companies are growing their trust in cloud solutions, with 50% of respondents confident that cloud solutions are viable for mission critical business applications. At the same time, scalability remains the top reason for adopting the cloud, with 57% of companies identifying it as the most important driver for cloud adoption. Business agility ranked second, with 54% of respondents focused on agility. They also noted that cloud users are changing their view with regard to public vs. hybrid cloud platforms. Today, 40% of respondents’ are deploying public cloud strategies, with 36 percent emphasizing a hybrid approach and within five years, hybrid clouds will be the emphasis of 52% of respondents’ cloud strategies. Most respondents (53%) believe that cloud computing maintains a lower TCO and creates a less complex IT. Earlier this year, CIO.com ran a story called, Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid, where they discussed that as more organizations adopt cloud services, both public and private, for mission critical business operations, connecting, integrating and orchestrating the data back to the core of the business is critical but a challenge. It’s no longer about cloud but it’s about clouds. Multiple cloud services that must link back to the core and to each other. Even when organizations that are cloud heavy, IT shops need to keep up the on-premise side as well, since it's not likely to go anywhere soon. They offer 5 attributes that, if relevant to a business problem, the cloud is a potential fit: Predictable pricing, Ubiquitous network access, Resource pooling & location independence, Self-service and Elasticity of supply. If you are heading in the Hybrid direction, then take a look at BCW’s article from April this year called, Hybrid Cloud Adoption Issues Are A Case In Point For The Need For Industry Regulation Of Cloud Computing. They discuss that the single most pressing issue with hybrid cloud is that it is never really yours which obviously leads to security concerns. Even when a ‘private cloud’ is hosted by a third party, 100% control is still impossible since an organizations is still relying on ‘others’ for certain logistics. Plus, interoperability is not guaranteed. So a true hybrid is actually hard to achieve with security and interoperability issues still a concern. The fix? Vladimir Getov suggests a regulatory framework that would allow cloud subscribers to undergo a risk assessment prior to data migration, helping to make service providers accountable and provide transparency and assurance. He also mentions the IEEE's Cloud Computing Initiative with the goal of creating some cloud standards. He states that a global consensus on regulation and standards will increase trust and lower the risk to organizations when precious data is in someone else’s hands. The true benefits of the cloud will then be realized. ps References: Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid Hybrid Cloud Adoption Issues Are A Case In Point For The Need For Industry Regulation Of Cloud Computing 2012 Future of Cloud Computing Survey Exposes Hottest Trends in Cloud Adoption Cloud Computing Both More Agile and Less Expensive How to Protect Your Intellectual Property in the Cloud The IEEE's Cloud Computing Initiative IEEE Cloud Computing Web Portal Charting a course for the cloud: The role of the IEEE The Venerable Vulnerable Cloud Cloud vs Cloud FedRAMP Ramps Up The Three Reasons Hybrid Clouds Will Dominate F5 Cloud Computing SolutionsThe Venerable Vulnerable Cloud
Ever since cloud computing burst onto the technology scene a few short years ago, Security has always been a top concern. It was cited as the biggest hurdle in many surveys over the years and in 2010, I covered a lot of those in my CloudFucius blog series. A recent InformationWeek 2012 Cloud Security and Risk Survey says that 27% of respondents have no plans to use public cloud services while 48% of those respondents say their primary reason for not doing so is related to security - fears of leaks of customer and proprietary data. Certainly, a lot has been done to bolster cloud security, reduce the perceived risks associated with cloud deployments and even with security concerns, organizations are moving to the cloud for business reasons. A new survey from Everest Group and Cloud Connect, finds cloud adoption is widespread. The majority of the 346 executive respondents, 57%, say they are already using Software as a Service (SaaS) applications, with another 38% adopting Platform as a Service (PaaS) solutions. The most common applications already in the cloud or in the process of being migrated to the cloud include application development/test environments (54%), disaster recovery and storage (45%), email/collaboration (41%), and business intelligence/analytics (35%). Also, the survey found that cloud buyers say the two top benefits they anticipate the most is a more flexible infrastructure capacity and reduced time for provisioning and 61% say they are already meeting their goals for achieving more flexibility in their infrastructures. There’s an interesting article by Dino Londis on InformationWeek.com called How Consumerization is Lowering Security Standards where he talks about how Mob Rule or the a democratization of technology where employees can pick the best products and services from the market is potentially downgrading security in favor of convenience. We all may forgo privacy and security in the name of convenience – just look at loyalty rewards cards. You’d never give up so much personal info to a stranger yet when a store offers 5% discount and targeted coupons, we just might spill our info. He also includes a list of some of the larger cloud breaches so far in 2012. Also this week, the Cloud Security Alliance (CSA) announced more details of its Open Certification Framework, and its partnership with BSI (British Standards Institution). The BSI partnership ensures the Open Certification Framework is in line with international standards. The CSA Open Certification Framework is an industry push that offers cloud providers a trusted global certification scheme. This flexible three-stage scheme will be created in line with the CSA's security guidance and control objectives. The Open Certification Framework is composed of three levels, each one providing an incremental level of trust and transparency to the operations of cloud service providers and a higher level of assurance to the cloud consumer. Additional details can be found at: http://cloudsecurityalliance.org/research/ocf/ The levels are: CSA STAR Self Assessment: The first level of certification allows cloud providers to submit reports to the CSA STAR Registry to indicate their compliance with CSA best practices. This is available now. CSA STAR Certification: At the second level, cloud providers require a third-party independent assessment. The certification leverages the requirements of the ISO/IEC 27001:2005 management systems standard together with the CSA Cloud Controls Matrix (CCM). These assessments will be conducted by approved certification bodies only. This will be available sometime in the first half of 2013. The STAR Certification will be enhanced in the future by a continuous monitoring-based certification. This level is still in development. Clearly the cloud has come a long way since we were all trying to define it a couple years ago yet, also clearly, there is still much to be accomplished. It is imperative that organizations take the time to understand their provider’s security controls and make sure that they protect your data as good or better as you do. Also, stop by Booth 1101 at VMworld next week to learn how F5 can help with Cloud deployments. psThe Cloud Impact and Adoption Infographic
Maybe you’ve noticed but I’ve been on an infographic kick lately – especially when it’s something interesting. This time it is an aggregated infographic of data primarily from Forrester, IDC and Gartner as it pertains to the cloud’s impact and adoption thru 2015. According to Axway, the cloud is expected to become the primary operating system for enterprise by 2014, mobile devices are driving adoption, and the cloud hype is over, this thing is for real. Full jpg can be found here. psThe Cloud’s Hidden Costs
Survey says…and many companies believe that moving architecture, resources or other IT infrastructure pieces to the cloud will save them money. That’s been one of the biggest selling points of cloud computing – pay as you go, metered service, pay what you use – the internet as a utility offering. And while simple deployments can be cost effective, complete architectural maneuvers often put pressure on the cloud’s main value proposition according to a recent Information Week article. Burning through metered service when you think most everything is off can easily happen, as any of us are aware with lights, water, electricity and gas in our own homes. In the IT world, a development team may have spun up some servers for testing and forgot to decommission; another group may have commandeered some servers for a specific campaign; or, the overflow/burst/DR model went into play due to some holiday and the servers are still running well after the wrapping paper is stuffed in the garbage recycle bin. The ability for anyone with a credit card to procure cloud infrastructure services can lead to that same someone also forgetting to turn off the lights, spigot, stove and internet. We’ve all done it. And when that bill arrives, the envelope suddenly drops and the paper insert slowly floats to the floor as we attempt to understand ‘what the heck was left running!?!’ Visibility seems to be the primary culprit. As cloud providers continue to expand and grow, often their visibility into and control over usage patterns decreases. And CIOs can’t take full advantage of cloud economies since they may not know the who, what, where, when and how of the application(s) running in the cloud and thus, the overall cost implications. Cloud management tools, which are also evolving, primarily focus on provisioning, capacity, utilization and workflows but not always the total cost of ownership. Most organizations are not even fully aware of the costs until that big envelope arrives and they might not deal with or have a plan for ‘overages’ until it happens. In addition, as more companies look to the cloud for business continuity/disaster recovery scenarios, as the recent disaster planning study from AT&T suggests, those ‘deer in the headlights’ gazes may become more common. According to the article, these four situations account for cloud's most common hidden costs: 1. Runaway VMs: One of the key tenets of the cloud is self-service, making it easy for users to gain access to compute power wherever and whenever they need it. Often what happens, though, is users are so empowered to spin up compute resources that they overprovision or go over budget because there are no guidelines or caps in place to limit their usage. 2. Zombie VMs: This is something referred to as the "living dead" concept. Think back to the group of developers who spun up a bunch of clouds for load testing, which they never brought down, or even a handful of licenses for a software-as-a-service (SaaS) application purchased on credit cards by a lone business group, which after a period of brief usage lies dormant. While individually these expenses may not account for much, cumulatively they can add up, especially if there's no visibility for tracking, and months, even years, go by without turning off the spigot. 3. Choosing the wrong pricing model: Cloud providers price their services differently and often, the costs are a moving target. Many organizations will opt for more expensive on-demand pricing because they don't want to make a long-term commitment to the provider, but they do so without having the proper context. 4. Maintenance costs: A move to the cloud means support and maintenance comes off of IT's plate. Well, that's the idea, but not necessarily the reality. Also, all of the groups that have tapped cloud resources on their own (so-called shadow IT) come calling on IT, not the support folks at the Amazon cloud, when something goes wrong. At one point or another, we all have forgotten to turn off a light, the water, a heater, the AC or any other item that uses the traditional utilities. The new Smart meter Edison installed on the side of my house is supposed to give me visibility into my usage for proper cost analysis. Organizations need something similar as part of the cloud management tools to give them the ability to properly plan if and when sticker shock hits their system. ps References: 4 Causes Of Cloud Bill Shock Google Apps Clears Key Security Hurdle Study: Mobile, Cloud Computing Factoring Into Disaster Recovery Cisco Survey Tracks Top Cloud Concerns Hey You, Get Off-ah My Cloud! Cloud Security With FedRAMP Surfing the Surveys: Cloud, Security and those Pesky Breaches Audio White Paper - Application Security in the Cloud with BIG-IP ASM Successfully Managing VDI Services with the BIG-IP System (pdf) F5 Desktop Virtualization SolutionsSurfing the Surveys: Cloud, Security and those Pesky Breaches
While I’m not the biggest fan of taking surveys, I sure love the data/reports that are generated by such creatures. And boy has there been a bunch of recent statistical information released on cloud computing, information security, breaches and general IT. Since this prologue is kinda lame, let’s just get into the sometimes frightening, sometimes encouraging and always interesting results from a variety of sources. 2012 Verizon Data Breach Report: If you haven’t, read Securosis' blog about how to read and digest the report. It’s a great primer on what to expect. An important piece mentioned is that it’s a Breach report, not a cybercrime or attack report. It only includes incidents where data was taken – no data loss, not included. And with that in mind, according to the report, there were 855 incidents with 174 million compromised records, the 2nd highest data loss total since they’ve been tracking (2004). This coming after a record low 4 million lost records last year. The gold record of stolen records. While hacktivism exploded, accounted for 100 million of that 174 mill of stolen records and 58% of all data theft along with untraditional motives; credit cards, intellectual property, classified info and trade secrets were all still hot targets. 81% of the breaches used some sort of hacking with 69% involving malware. 79% were targets of opportunity meaning they had an exploitable vulnerability rather than being ‘on a list.’ 96% of the breaches were not that difficult and 97% could have been avoided using simple to standard protection mechanisms. Unfortunately, organizations typically don’t discover the breach until weeks later. As Securosis points out, don’t be flustered by the massive increase in lost data but focus on the attack and defense trends to help protect against becoming a statistic and as Verizon mentions, ‘this study reminds us that our profession has the necessary tools to get the job done. The challenge for the good guys lies in selecting the right tools for the job at hand and then not letting them get dull and rusty over time. Evidence shows when that happens, the bad guys are quick to take advantage of it.’ BMC Software Survey: Conducted by Forrester Consulting on behalf of BMC, ‘Delivering on High Cloud Expectations’ found that while 81% of the respondents said that a comprehensive cloud strategy is a high priority, they are facing huge challenges in accomplishing that task – mainly complexity. Even with cost reduction as a top IT priority, 43% reported using three or more hypervisor technologies as they try to reduce complexity. CIOs are concerned that cloud technologies offer an avenue for groups to circumvent IT which may hinder IT’s ability to meet overall business expectations. When groups deploy unmanaged public cloud services without IT involvement it can add to the complexity that they are trying to avoid. While 79% of respondents do plan on supporting mission-critical workloads on unmanaged public cloud services over the next two years, only 36% allow this today. No surprise that hybrid-cloud deployments, at 37%, was the most desired deployment. The full study results will be announced on Thursday, April 26, 2012 at 11 a.m. CDT as part of a BMC webinar. CSC Cloud Usage Index: Late last year, Independent research firm TNS surveyed more than 3,500 cloud computing users in eight countries around the world to find answers to cloud usage, expectations, attitudes and other cloud related questions. The survey focused on capturing user information about outcomes and experiences rather than predictions and intentions. In an interesting shift from the typical ‘cost savings’ and ‘business agility’ usually cited as a top motivator, one-third of respondents cite their need to better connect employees who use a multitude of computing devices as the number one reason they adopt cloud. 17% claim agility and only 10% indicate cost savings as a top reason for cloud adoption. 82% of respondents said they saved money on their most recent cloud project but 35% of U.S organizations reported a payback of less that $20,000. In terms of overall IT performance, 93% of respondents say cloud improved their data center efficiency/utilization and 80% see similar improvements within six months of moving to the cloud. Zenoss 100 Best Cloud Stats of 2011: Admittedly, this came out last year but it is still a great statistical overview of Cloud Computing. It starts with data growth stats, like 48 hours of video uploaded to youtube every minute; that 74% of Data Centers have increased their server count over the last three years accounting for 5.75 million new servers every year yet 15% do not have data backup and recovery plans; that, on average, cloud users report saving 21% annually on those applications moved to the cloud; that a delay of 1 second in page load times equals 7% loss of conversions, 11% fewer pages viewed and a 16% decrease in customer satisfaction; that Agility is the top driver for cloud adoption and Scalability the top factor influencing cloud use; that 74% of companies are using some sort of cloud service today yet 79% do not have an IT roadmap for cloud computing and a whole slew of others. All the stats appear to be attributed and run the gamut from storage to cloud to apps. Cloud Industry Forum (CIF) study: As enterprises continue to embrace cloud adoption, it is important for service providers to understand motivators for cloud adoption to ensure those services are being offered. This study, USA Cloud Adoption & Trends 2012 shows that smaller U.S. companies indicate that flexibility as their main driver for cloud adoption while large enterprises cite cost savings as their main reason for cloud deployments. This survey also noted that ‘Cloud’ is no longer a nebulous buzzword with 76% of polled organizations already using some sort of cloud computing for at least one service. Organizations are happy about it also – 98% said they were satisfied with the results of their cloud services with 94% expecting to increase their use in the next 12 months. Data security and data privacy were tagged as the top concerns with 56% and 53% respectively. By no means an exhaustive list of all the recent survey results pertaining to cloud and/or IT security, but they do offer some interesting data points to consider as organizations continue to strive to deliver their available applications as fast and secure as possible. psHey You, Get Off-ah My Cloud!
Who would have thought that a Rolling Stones song written almost 50 years ago could become a technology cliché (or battle cry) a half-century later. Yesterday, research firm Gartner Inc. said that by 2014, The Personal Cloud will replace the Personal Computer as the Center of the Users’ Digital Lives. The Cloud has come a long way in a few years – quickly going from some nebulous thing based on virtualization that everyone tried to define to the Center of our Digital Lives. This does not necessarily mean the death of the PC, personal computer that is, it just means that the focus will be on the devices, leveraging each device strength, how we use various/different devices daily and deliver the content based on that context. Since we’ll be able to get to our stuff, all our stuff, on whatever device we have at the time, we’ll be happier and more productive. OK, what’s the bad news? This will require IT to completely rethink how they deliver applications and services to users yet again. According to Gartner’s Press Release: Several driving forces are combining to create this new era. These megatrends have roots that extend back through the past decade but are aligning in a new way. Megatrend No. 1: Consumerization — You Ain't Seen Nothing Yet Gartner has discussed the consumerization of IT for the better part of a decade, and has seen the impact of it across various aspects of the corporate IT world. However, much of this has simply been a precursor to the major wave that is starting to take hold across all aspects of information technology as several key factors come together: Users are more technologically savvy and have very different expectations of technology. The Internet and social media have empowered and emboldened users. The rise of powerful, affordable mobile devices changes the equation for users. Users have become innovators. Through the democratization of technology, users of all types and status within organizations can now have similar technology available to them. Megatrend No. 2: Virtualization — Changing How the Game Is Played Virtualization has improved flexibility and increased the options for how IT organizations can implement client environments. Virtualization has, to some extent, freed applications from the peculiarities of individual devices, operating systems or even processor architectures. Virtualization provides a way to move the legacy of applications and processes developed in the PC era forward into the new emerging world. This provides low-power devices access to much-greater processing power, thus expanding their utility and increasing the reach of processor-intensive applications. Megatrend No. 3: "App-ification" — From Applications to Apps When the way that applications are designed, delivered and consumed by users changes, it has a dramatic impact on all other aspects of the market. These changes will have a profound impact on how applications are written and managed in corporate environments. They also raise the prospect of greater cross-platform portability as small user experience (UX) apps are used to adjust a server- or cloud-resident application to the unique characteristics of a specific device or scenario. One application can now be exposed in multiple ways and used in varying situations by the user. Megatrend No. 4: The Ever-Available Self-Service Cloud The advent of the cloud for servicing individual users opens a whole new level of opportunity. Every user can now have a scalable and nearly infinite set of resources available for whatever they need to do. The impacts for IT infrastructures are stunning, but when this is applied to the individual, there are some specific benefits that emerge. Users' digital activities are far more self-directed than ever before. Users demand to make their own choices about applications, services and content, selecting from a nearly limitless collection on the Internet. This encourages a culture of self-service that users expect in all aspects of their digital experience. Users can now store their virtual workspace or digital personality online. Megatrend No. 5: The Mobility Shift — Wherever and Whenever You Want Today, mobile devices combined with the cloud can fulfill most computing tasks, and any tradeoffs are outweighed in the minds of the user by the convenience and flexibility provided by the mobile devices. The emergence of more-natural user interface experiences is making mobility practical. Touch- and gesture-based user experiences, coupled with speech and contextual awareness, are enabling rich interaction with devices and a much greater level of freedom. At any point in time, and depending on the scenario, any given device will take on the role of the user's primary device — the one at the center of the user's constellation of devices. "The combination of these megatrends, coupled with advances in new enabling technologies, is ushering in the era of the personal cloud," said Mr. Kleynhans. "In this new world, the specifics of devices will become less important for the organization to worry about. Users will use a collection of devices, with the PC remaining one of many options, but no one device will be the primary hub. Rather, the personal cloud will take on that role. Access to the cloud and the content stored or shared in the cloud will be managed and secured, rather than solely focusing on the device itself." Of course I immediately thought of Pigpen with his cloud of dust following him around or that we will all have those ‘thinking’ balloons around us wherever we go. At least we can keep the acronym. ps Resources: Gartner Says the Personal Cloud Will Replace the Personal Computer as the Center of Users' Digital Lives by 2014 ‘Personal Cloud’ to Replace PC by 2014, Says Gartner Gartner Consumer Research: Personal Cloud Get Off of my Cloud Computing – Competition in the ‘Cloud’ Get Off of My Cloud Hey, You, Get off of My Cloud Hey You, Get Off Of My Cloud Get off my cloud! (It’s private) Technorati Tags: F5, gartner, personal cloud, cloud computing, Pete Silva, security, business, consumerization, technology, application delivery, cloud, mobile, infrastructure 2.0, web, internetCloud Copyright, Capital and The Courts
In 2006, Cablevision was developing a service which allowed customers to record, pause and replay their television content on/from servers located at Cablevision’s data center rather than on the customer’s Digital Video Recorder itself – in the cloud rather than on a local hard drive. A consortium of U.S. television and copyright holders challenged Cablevision in court arguing that Cablevision’s Remote Storage Digital Video Recorder (RS-DVR) infringed on copyrighted content laws in that, they were making copies of protected works and infringing on exclusive right of reproduction; briefly buffering/storing that content also infringes on exclusive reproduction rights; and by transmitting the data back to the customer, they were infringing on exclusive rights to public performance. In 2007, a district court found in favor of the copyright owner but in 2008, the decision was reversed by the Second Court of Appeals. The court clarified that Cablevision was not directly infringing copyright by offering a remote DVR service outside the customer’s home. Viewers could now record and save authorized TV content on a device within Cablevision’s infrastructure. This ruling, according to Josh Lerner, Harvard Business School’s Professor of Investment Banking, had a huge impact on U.S. venture capital moving to cloud computing. A risk was removed. In Europe, where the ruling had no authority, the venture investments in the cloud were much less. This is an important economic topic and ruling due to the relationship between venture, innovation and job growth. The ruling might also be relevant in Australia where Optus is facing the same legal challenge today. They started a service in July called Optus TV Now that does essentially the same thing as Cablevision’s. Allowing customers to record and watch the 15 free-to-air stations that are available. Customers can watch the content directly or over their smartphone or computer via the internet. In their July announcement they even included, ‘it is a breach of copyright to make a copy of a broadcast other than to record it for your private and domestic use. Optus accepts no responsibility for copyright infringement.’ Well, the owners of the copyright material being stored and retrieved are saying breach, especially the AFL and NRL, the football and rugby leagues. Optus is saying it’s no different than people recording on a personal DVR at home. It’ll be interesting to follow this. Back to the ‘funding the cloud’ story. Lerner’s study, 'The Impact of Copyright Policy Changes on Venture Capital Investment in Cloud Computing Companies,' he examines the impact and effect of the US Second Circuit Court of Appeals decision. The authors found that the decision led to additional incremental investment in U.S. cloud computing companies compared to Europe. Figure 1 of their paper: The same growth did not occur in Europe and in some cases, these types of services have been blocked from even getting to market. Imagine how much different services from Amazon, Apple and Google would be if the court did not reverse the 2007 ruling. ps Related: Clouds, copyright and venture capital: a multibillion dollar nexus? Optus offers free-to-air TV recording for those on the go Technology Neutral Copyright has a Positive Impact on Investment, Job Creation and Innovation in ITC The Cloudy Enterprise: Hours More Important Than Dollars The Business Intelligence--Cloud ParadoxCloud Computing Making Waves
Every once in a while, I’ll do a news search for ‘cloud computing.’ Yesterday was one of those days and while there are always a few stories about ‘the cloud,’ I was somewhat amazed by the number and range of topics that appeared. Also, the most recent issue (Oct 2011) of Consumer Reports had an article about ‘what’s the cloud.’ It was fairly elementary but for some reason when something is covered in Consumer Reports, I tend to think it’s finally reaching the masses. I’m glad they included, ‘Use caution when signing up for any cloud service. Make sure your information is well protected against cyber thieves. The company you're using should encrypt sensitive data and have state-of-the art privacy safeguards. And use strong passwords—a combination of letters, numbers, and symbols in a minimum of six characters’ Yes, we love encryption. And to the search results. With the economy still sputtering along, Forbes had an article talking about how Cloud Computing May be a Shot in the Arm our Economy Needs. On demand applications, pay-as-you-go and agility were common themes, as they have been for a couple years. The author talks about the fear of ‘hollow corporations,’ or those that do not produce and good or services but simply act as middle-men – brokers of services. However, these services are coming from the cloud, delivered via technology from the provider to the consumer. They are not really ‘hollow’ but what is called, ‘loosely coupled’ corporations. How a system or entity can do fine on it’s own, but when coupled with other systems, that’s when the fireworks fly. These providers would simply be the aggregation point of various third-party services which are made available to the consumer on-demand. He talks about how cloud computing can blur the lines between IT consumers and providers. How traditional non-IT companies, like online retailer Amazon, is also a cloud provider and how corporations could build their own private cloud and offer those services to partners and customers. He also looks into how Cloud can get a startup going very inexpensively; how small application shops can survive by selling their innovative software in app stores; and how ‘micro-outsourcing,’ not the entire bundle but pieces of IT resources are becoming more common. He really talks about the business angle rather than cloud technology. When the cloud first started making headlines, there was a notion due to costs and even technical knowledge, that the cloud would be perfect for small businesses. While some SMB took advantage, the big growth came when large enterprises began tinkering with cloud services, albeit with small portions of their infrastructure. Over at SmallBusinessComputing.com, an article called Cloud Computing Tips for Small Business gives small businesses some areas of focus when looking into cloud services. Things like software management, data storage and IaaS as a potential area for investigation for those with equipment like servers that may be nearing end of life. Avoid that onsite upgrade, especially for storage. Security is certainly another area not only for small business but all companies that consider cloud. The cloud can give small businesses (and their customers) that round-the-clock feeling of a large enterprise. Of course, plan and budget wisely, according to the article. We knew it was happening and CIO has an article about How Cloud Computing Is Changing Data Center Designs and Costs. Interesting look at how cloud computing is driving data center design. Formally, the cloud advantage relied on efficient use of current data center design patterns and now the cost basis of data centers is transforming by the creation of new data center designs focused on scale, efficiency and commodity components. They are becoming mass scale computing environments rather than raised floor cages housing individual company servers. Cost is a big topic of this article. Of all the IT services that could benefit from cloud computing, email was always considered a great contender. Jumping on a Gartner report which says Gmail Now Credible Rival to Microsoft Exchange, a bunch of folks wrote about the implications of cloud email. While still only around 4% of the total enterprise email market, Gartner expects it to grow to 20% by 2016 and 55% market share by 2020. Still a way off and lots can happen but certainly a trend to follow. Financial institutions, who may require greater security and other features may not be so quick to adopt, but others are signing up rapidly. One way to transition is to have a hybrid of cloud and on-premise inboxes. Public? Private? Oh, no…it’s Hybrid Cloud to the rescue. Yes Public is growing fast; yes, companies feel more comfortable with Private; but Hybrid might be the best of both worlds. The ability to balance workloads, move peak traffic, outsource less critical apps, adhere to SLAs and overall agility is making Hybrids very attractive to those looking to cloud computing. On any given day a ‘cloud computing’ search can give varying results depending on the hot topics, this time it seemed to return a cornucopia of stories covering a wide section of topics. And now I’m caught up….until tomorrow. ps Resources: Cloud Computing May be a Shot in the Arm our Economy Needs IT Departments as business service brokers Open Group releases a book on reaping cloud's benefits Cloud Computing Tips for Small Business How Cloud Computing Is Changing Data Center Designs and Costs Cloud Computing: Just a Data Center for Hire? Cloud Computing Transforming Contact Center Industry Cloud computing a serious contender for email services Gmail is ready for enterprise IT spotlight, Gartner says Gmail Now Credible Rival to Microsoft Exchange: Gartner Hybrid Cloud Computing gets real Hybrid cloud computing growing quickly F5 Cloud Solutions Technorati Tags: F5, costs, integration, cloud computing, Pete Silva, security, business, education, technology, application delivery, cloud, context-aware, infrastructure 2.0, web, internetThe STAR of Cloud Security
The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, recently announced that they are launching (Q4 of 2011) a publicly accessible registry that will document the security controls provided by various cloud computing offerings. The idea is to encourage transparency of security practices within cloud providers and help users evaluate and determine the security of their current cloud provider or a provider they are considering. The service will be free. CSA STAR (Security, Trust and Assurance Registry) is open to all cloud providers whether they offer SaaS, PaaS or IaaS and allows them to submit self assessment reports that document compliance in relation to the CSA published best practices. The CSA says that the searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher-quality procurement experiences. There are two different types of reports that the cloud provider can submit to to indicate their compliance with CSA best practices. The Consensus Assessments Initiative Questionnaire (CAIQ), a 140 question document which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings and the Cloud Control Matrix (CCM) which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in areas like ISACA COBIT, PCI, and NIST. Providers who chose to take part and submit the documents are on the ‘honor system’ since this is a self assessment and users will need to trust that the information is accurate. CSA is encouraging providers to participate and says, in doing so, they will address some of the most urgent and important security questions buyers are asking, and can dramatically speed up the purchasing process for their services. In addition to self-assessments, CSA will provide a list of providers who have integrated CAIQ and CCM and other components from CSA’s Governance, Risk Management and Compliance (GRC) stack into their compliance management tools. This should help with those who are still a bit hesitant about Cloud services. The percentage of those claiming ‘security issues’ as a deterrent for cloud deployments has steadily dropped over the last year. Last year around this time on any given survey, anywhere from 42% to 73% of those respondents said cloud technology does not provide adequate security safeguards and that that security concerns have prevented their adoption of cloud computing. In a recent cloud computing study from TheInfoPro, only 13% cited security worries as a cloud roadblock, after up-front costs at 15%. Big difference than a year ago. In this most recent survey, they found that ‘fear of change’ to be the biggest hurdle for cloud adoption. Ahhhh, change. One of the things most difficult for humans. Change is constant yet the basics are still the same - education, preparation, and anticipation of what cloud is about and what it can offer is a necessity for success. ps References: CSA focuses best-practice lens on cloud security Assessing the security of cloud providers CSA Registry Strives for Security Transparency of Providers Cloud Security Alliance Introduces Provider Trust and Assurance Registry Transparency Key To Cloud Security Cloud Security Alliance launches registry: not a moment too soon Fear of Change Impedes Cloud Adoption for Many Companies F5 Cloud Computing SolutionsCloudFucius Shares: Cloud Research and Stats
Sharing is caring, according to some and with the shortened week, CloudFucius decided to share some resources he’s come across during his Cloud exploration in this abbreviated post. A few are aged just to give a perspective of what was predicted and written about over time. Some Interesting Cloud Computing Statistics (2008) Mobile Cloud Computing Subscribers to Total Nearly One Billion by 2014 (2009) Server, Desktop Virtualization To Skyrocket By 2013: Report (2009) Gartner: Brace yourself for cloud computing (2009) A Berkeley View of Cloud Computing (2009) Cloud computing belongs on your three-year roadmap (2009) Twenty-One Experts Define Cloud Computing (2009) 5 cool cloud computing research projects (2009) Research Clouds (2010) Cloud Computing Growth Forecast (2010) Cloud Computing and Security - Statistics Center (2010) Cloud Computing Experts Reveal Top 5 Applications for 2010 (2010) List of Cloud Platforms, Providers, and Enablers 2010 (2010) The Cloud Computing Opportunity by the Numbers (2010) Governance grows more integral to managing cloud computing security risks, says survey (2010) The Cloud Market EC2 Statistics (2010) Experts believe cloud computing will enhance disaster management (2010) Cloud Computing Podcast (2010) Security experts ponder the cost of cloud computing (2010) Cloud Computing Research from Business Exchange (2010) Just how green is cloud computing? (2010) Senior Analyst Guides Investors Through Cloud Computing Sector And Gives His Top Stock Winners (2010) Towards Understanding Cloud Performance Tradeoffs Using Statistical Workload Analysis and Replay (2010) …along with F5’s own Lori MacVittie who writes about this stuff daily. And one from Confucius: Study the past if you would define the future. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8
