Thursday, September 24, 2009

More on Cloud Security

#cloudcomputing

The other day I posted a quick note on Cloud security. As a follow-on to that post the following two articles are worth a read.

eWeek writer Wayne Nash wrote an interesting piece called "Is Cloud Computing Secure? Prove it?"

“Security is not a product that can be purchased,” Dan Kusnetzky, vice president of research operations for The 451 Group said. “It’s a way of life, an implementation of the proper architecture, and the proper selection of tools, programs and procedures. No product that I know of is either secure or insecure. The same is true of the cloud computing environment.”

Over on CloudAve, Krishnan Subramanian proposes that "Cloud Security Needs A Rethink But The Evolution Will Be Slow".

I was going to take out some key points from his last two paragraphs but it's all important so I've included it all here.

This transformation is not going to happen overnight. It is an evolution with too many players in play. There are customers who need a mind shift on how they perceive about the security, there are the cloud service providers who should offer the highest level of security in their infrastructure and, also, build trust with sensible contracts that will add confidence to the enterprise customers (a few red and green dots doesn't cut the slack) and, finally, regulators who should understand the advantages of fast evolving technologies and make the regulations in tune with the technological development. On top of all these things, the cloud technology is still in the early stages and needs to mature further.

Unless we see an evolution on all the above said fronts, it is difficult to visualize a world where public clouds are the only way of life. In fact, even with the evolution of all the above said players, the very fact that the world is diverse and the needs are diverse implies that there will always be some need for the so called private clouds and internal clouds. I do agree that the economics of public clouds will eventually move more and more customers into the public clouds but the evolution will be slow and not complete. There is no point in arguing if private clouds should exist or not. Rather, we should be focusing on developing better standards for interoperability, security, etc. and let the market forces decide on the evolutionary path of the clouds.

Kevin
ZeroTouch IT Ltd

Wednesday, September 23, 2009

Not all downloads are illegal

Great commentary on this topic from JP

Read article here

...Whatever you may have been told, the internet was not actually created to become a new distribution mechanism for failing entertainment industries. There is considerable pressure on the industry to change, to innovate. New business models are emerging, based on patronage, on subscription, on advertisements.

We have to allow the innovation to continue. Today, even the worst enemies of downloaders would accept that somewhere between 13% and 16% of all downloads are legal and paid for, whatever those terms now mean. There are 6 billion people out there, all getting connected to the commons that is the internet. The industry should learn from Grateful Dead and Prince and Nine Inch Nails, focus on growing the size of the pie to make sure that 13-16% represents a very big number. Because that is possible, even likely.

And:

Most people are law-abiding. Most people want to make sure that artists are rewarded. Sometimes laws are out of date and need changing. Sometimes business models are out of date and need changing.

In the internet we have something precious and valuable. In the millennial generation we have something precious and valuable. It is time to keep our heads and do the right thing, foster innovation, encourage cultural expression and adaptation. And avoid seeking to alienate an entire generation… in order to try and implement a failed proposition.


Kevin
ZeroTouch IT Ltd

Tuesday, September 22, 2009

Cloud Security

#cloudcomputing #saas

The lower down the stack the Cloud provider stops, the more security you are responsible for implementing and managing yourself.



Is the Cloud more or less secure?

  • Without context, this is a stupid question.
  • The reality is that we are just as insecure as we've always been!

Kevin
ZeroTouch IT Ltd

Monday, September 21, 2009

IT evolution from physical servers to cloud

#cloudcomputing

I came across this interesting graph recently from Jamal Mazhar in Kaavo. It attempts to capture the benefits and challenges of various phases of IT evolution from the days of having dedicated physical servers for each application to the use of public clouds. It nicely highlights the differences.




Kevin
ZeroTouch IT Ltd

Sunday, September 20, 2009

What works in the Cloud?

#cloudcomputing

What works in the Cloud?

  1. When processes, applications and data are mostly independent
  2. When the integration points are well defined
  3. When there is an acceptance of lower security levels (or perceived to be lower)
  4. When an organisation's internal IT enterprise architecture is good
  5. When the required platform is web based
  6. When cost is a consideration
  7. When the applications are new

What doesn't work so well?

  1. When processes, applications and data are not decoupled
  2. When the integration points are not well defined
  3. When high security is a requirement (or the perception of high security)
  4. When an organisation's internal IT enterprise architecture is not so good
  5. When the applications require "thick-client" interfaces
  6. When cost is a consideration
  7. When the applications are legacy

Kevin
ZeroTouch IT Ltd

Friday, September 18, 2009

The importance of business analytics in an on-demand world

#saas #analytics

On-demand services offer an enormous advantage over traditional enterprise software in the ability to collect real-time business intelligence. When building or running your service don't forget to incorporate mechanisms to facilitate efficient collection, measurement, analysis and feedback of key business and service performance information into your corporate / service strategy. A successful on-demand service should be able to answer these essential questions about your service users:

  1. What did they do?
  2. Could they do it?
  3. Why did they do it?
  4. How did they do it?

Thanks to Alistair Croll for the original idea. Also, check out the SAS Institute if you are really serious about what Business Analytics can do for your business.

Kevin
ZeroTouch IT Ltd

Thursday, September 17, 2009

The Good Enough Revolution

Are you responsible for bringing products or services to market? If so, you really need to read this Wired Magazine article on The Good Enough Revolution.

Entire markets have been transformed by products that trade power or fidelity for low price, flexibility, and convenience. — Erin Biba

There is a change going on with everything from music players (MP3), to computers (Netbooks), to software (Salesforce.com) and probably every other market out there. Wired sums it up nicely:

So what happened? Well, in short, technology happened. The world has sped up, become more connected and a whole lot busier. As a result, what consumers want from the products and services they buy is fundamentally changing. We now favor flexibility over high fidelity, convenience over features, quick and dirty over slow and polished. Having it here and now is more important than having it perfect. These changes run so deep and wide, they're actually altering what we mean when we describe a product as "high-quality."

Take some time and read the Wired article.

Kevin
ZeroTouch IT Ltd

Wednesday, September 16, 2009

Where does education go from here?

If you have any interest in education or learning, you should read this post from Seth Godin.

Education at the Crossroads

Lots to think about here...

Kevin
ZeroTouch IT Ltd

Clouds - the fourth column

#saas #cloudcomputing

Following on from my previous post about moving into an on-demand world it is important to look at Clouds from the IT buyer perspective. Alistair Croll posted an interesting article the other day (For CIOs, clouds are the fourth column) discussing an aspect of this.

From his post:
Clouds are transforming IT; that’s not news. But regardless of your cloud computing agenda, clouds are already affecting your IT plans, because they give you a cudgel with which to bludgeon traditional software and infrastructure providers.

Every IT decision of any real consequence starts with a shortlist of three competing offerings. One of the three is usually the incumbent provider [...] . Along with this incumbent are a couple of alternate providers. As a buyer, you line the features and prices of each contender up in nice, clean columns where you can compare them. Sometimes these providers are simply “column fodder” designed to rein in the incumbent; but many IT companies have built healthy businesses by being the alternate.

It’s time to add a fourth column: a cloud-based offering. That means every Request for Proposals (RFP) that a company issues must have a cloud-based option, regardless of whether the company actually plans to adopt clouds.


...Even if you believe you’ll never use a cloud computing platform (you Luddite, you!) you need to treat a cloud offering as a fourth column when evaluating any IT solution. You’ll be better armed, and more likely to discover hidden costs.

Worth thinking about but I would prefer if the fourth column was more than just "column fodder" and actually a serious consideration for the CIO - because Clouds can seriously impact a company in a positive way.

Kevin
ZeroTouch IT Ltd

Tuesday, September 15, 2009

The effect on revenue of on-demand sales

#saas #cloudcomputing

The effect on revenue needs to be managed carefully when moving from traditional software sales models to on-demand ones.

The guys over at CloudAve have been doing some pretty interesting posts recently about the challenges of moving traditional software companies to on-demand models. Yesterday I posted about our experiences of the differences on the technical side of the house when you move to providing on-demand services.

Successful software companies excel at designing products, writing and testing software, and providing quality professional services capabilities. They also know how to market and sell software and in many cases to establish partnerships. These capabilities are mostly the same regardless of sector. On-demand or SaaS delivery models require different capabilities in operations, customer support, infrastructure (servers, power, storage, databases, networking), security, performance and load testing, continuous service improvement, IT Service Management, and specifically how to master the model of selling services rather than software.

This post from Ben Kepes summarises Ariba's experience of making the shift. Worth a read for anybody considering making the move (which you should).

Kevin
ZeroTouch IT Ltd

Monday, September 14, 2009

Operational Fatigue and on-demand services

#saas #cloudcomputing

I was reading Dani Shomron's blog and he was discussing the differences between software engineers and operations engineers. See his post here - Discipline (or lack thereof) and Operational Fatigue.

I spent most of the time while reading this nodding in agreement. In a lot of projects I've been involved in recently this difference keeps coming up and it amazes me how many companies choose to ignore it or dismiss it as a problem at all.

The world is changing for software companies. Not only do they have to deal with the normal pressures of competition, regulation, cost and so on, but they must also adapt to the fast-emerging requirements from their customer base for new on-demand delivery models (e.g. SaaS – Software-as-a-Service). These companies have to consider SaaS delivery for two primary reasons:

  1. Their current customer base is demanding it
  2. They need to unlock new markets for their products and on-demand delivery is an ideal way to do this (particularly for 2nd and 3rd tier markets)

Successful software companies excel at designing products, writing and testing software, and providing quality professional services capabilities. They also know how to market and sell software and in many cases to establish partnerships. These capabilities are mostly the same regardless of sector. On-demand or SaaS delivery models require different capabilities in operations, customer support, infrastructure (servers, power, storage, databases, networking), security, performance and load testing, continuous service improvement, IT Service Management, and specifically how to master the model of selling services rather than software. We developed the diagram below to illustrate the contrasts between these models.



We spend a lot of time working with software companies to provide the Service piece of the Software-as-a-Service model, which allows them to focus on what they do best – writing software.

The sooner software companies stop looking at on-demand / SaaS models from a technology perspective and start focusing on the service end of things the better. As James Urquhart from Cisco says: "The Cloud isn't a technology, it's an operational model."

Kevin
ZeroTouch IT Ltd

A data centre built from Lego

Came across this recently. It's 60 secs long. Some people obviously have way too much time on their hands - fun all the same!

Click here to see video

Kevin
ZeroTouch IT Ltd

Tuesday, September 1, 2009

Enterprise 2.0 Needs To Stop Being So Naive

Very interesting piece from Paul Michaud over on CloudAve on why the whole Enterprise 2.0 movement is not matching up to its hype, particularly for large organisations. Click here for original post.

From the article:
From my perspective, I think the Enterprise 2.0 crowd needs to come down to earth and get a large dose of reality. The world of Big Enterprise IT is not the same as a tech startup in the valley. Not every application is about Web and related tools, collaboration, mashups, etc. The apps where that stuff applies are frankly trivial and if that was the state of the world app complexity wise we wouldn’t have the issues we have and we wouldn’t even be talking about Enterprise 2.0. The reality is real Enterprises have issues with Organizational Structure and that same structure fights changes. I can’t tell you how many times I have seen attempts to redesign IT Org’s go down in flames or the result be just as bad as where they started. They have issues with tons of legacy apps that continue to need to be supported, integrated, updated, etc. Think Y2K people. Those Cobol apps are still going strong (as much as the thought of that gives me a rash) and they cannot support mashups or social computing, or be run in a cloud. How do you deal with putting Paul Michaud’s contact information into 500-1000 applications which are scattered around the firm globally and no two of which store an address or a middle name the same. These are boring mundane problems but they are the real issues that keep CIO’s awake at night, not whether their employees can change the color of the GUI background on the latest app or have better internal chat facilities, or Tweet from their desk.

Speaking as an ex-CIO from the Financial Services industry, I know that the Enterprise 2.0 "industry" wasn't solving the really hard problems which we struggled with every day. E2.0 is not a silver bullet. And no, the solution is not to "just re-write everything". E2.0 tools and approaches have their place but they do not solve everything a medium to large organisation has to deal with. Paul is right, the vendors need to be less naive and take a reality check.

Kevin
ZeroTouch IT Ltd