Lessons available from cloud, even if you don’t plan to move

FCB today continues its conversation with Jeffrey M. Kaplan, Managing Director of THINKstrategies, Inc.

Photo: ecommercetimes.com

He gives us his insight into whether or not there will be standards for cloud worldwide, and also discussed what lessons can be learned about the cloud computing world when examining the fight between China and Google.

Jeffrey Kaplan: Standards in the technology have always been a touchy matter because there’s so many different interpretations about the way in which technology ought to be deployed, and, of course, there are a lot of proprietary politics associated with that, as well.

So, I don’t think we’re ever going to get to a point where there is a strict set of standards that govern cloud computing, but I do think that we’ll get to a point where there are a set of defacto standards which set certain parameters for how cloud computing ought to be developed and deployed in order to ensure that it is meeting the quality and reliability and security expectations of organizations.

But I don’t think you’ll find one set of standards that will play that role.

Fed Cloud Blog: [Let’s] go back a little bit and talk about security.

Some people — both in the private and public sectors — have said that one of the biggest things about moving to the cloud is that you can’t move everything. There are certain things that . . . no matter how much security you have in the cloud, you’re just not going to want to do it, for whatever reason.

In your article, you say, “If you’re still uncomfortable moving your apps, data or portion of your computing requirements to a cloud vendor you can still benefit from the growing success of this market trend.”

Explain what you mean by that.

JK: First of all, let’s step back and be honest with ourselves [about the fact] that many established organizations and data centers are not nearly as secure as we’d like them to be.

In fact, if you do a survey of the publicly announced security infractions that have occurred, you’ll find that almost all of them — and I can’t think of any involved cloud computing — but all of them have, in fact, involved traditional data center environments or laptop situations — where the laptop was either lost or stolen, and, as a result, there is some data incursion involved.

So, this says that the old way of doing things isn’t necessarily as secure as we would like it to be, either.

Therefore, I think the cloud computing alternatives deserve at least a chance to demonstrate that they could be if not as secure, even more secure.

Now, leaving that aside, there are a couple things that can still be learned from cloud computing, even if you don’t go the route of taking advantage of a third party, publicly oriented service.

Number one, there’s a growing array of private or virtual-private cloud services, where in fact you’re not really sharing resources with other organizations. Instead, you have dedicated resources that have been designed to meet your specific need and, hopefully, security that’s been enhanced as a result.

Number two, there’s a growing assortment of what are called appliance options, which are cloud-based services you can subscribe to but deploy behind your firewall.

Those services and resources are basically in a locked down configuration that you can utilize — you can’t necessarily reconfigure — but are synchronized with a service provider.

So, they sit behind your firewall and remain secure in that regard.

The final aspect of all of this just learning best practices of these cloud computing companies.

There are a growing number of government agencies and institutions who are visiting with Amazon or Google or SalesForce or even Facebook, and learning how they operate and trying to emulate their operating procedures from the point of view of system configuration, standardization, as well as development standards and simplification, so as to improve the internal operation of a data center through better automation and agility.

FCB: One final question — are there any lessons to be learned by Google versus China?

JK: There are a couple, that is, first of all each country has its own set of standards — or expectations, if you will, or customs — about what they believe are the standards for things like security, operations and transparency.

The cloud computing world is touched by that like every other aspect of commerce in society.

It’s an example of how the mores of China are influencing the evolution of cloud computing.

Tomorrow: FCB talks with new Cyber Czar Howard Schmidt.

Federal government has leadership role in migration to cloud

Is the federal government out in front when it comes to moving to cloud computing?

Photo: ecommercetimes.com

Jeffrey M. Kaplan is Managing Director of THINKstrategies, Inc. and recently wrote an article about the adoption of cloud.

He told Fed Cloud Blog that he thinks cloud is going to become increasingly important in 2010 — and that the federal government has already taken a leadership role in this sphere.

Fed Cloud Blog: We read your article discussing cloud computing and one of the more interesting things was that you said, “Those who don’t make the move in 2010, will not only be left behind, but risk losing their jobs, as well.”

Talk a little bit about how this applies to the private sector — and do you think this is going to apply to the federal government, too?

Jeffrey Kaplan: It absolutely is.

So, let’s start with the overall thought behind this, and that is that, first of all, the cloud computing marketplace is evolving quite rapidly.

These Internet or Web-based alternatives are becoming truly viable alternatives or options for IT organizations to consider, as well as the business end-users that they may be supporting.

What we’ve seen is the evolution of this marketplace that began with the success of software-as-a-service, or alternatives to on-premise applications.

That effort was led by companies like SalesForce.com in the CRM space, as well as Google with its Google Apps alternatives to Microsoft Office.

With the success of those applications has come a new generation of computing services and those have been driven by companies like Amazon with their Amazon Web services, which allow organizations to basically acquire computing power by the MIP or even by the hour.

That has become a very popular alternative to going out and actually purchasing more computing power that basically sits around in a data center someplace whether its being used or not.

So, in today’s tough economic times, it’s nice to have a more flexible option than the old way of having to go out and buy more and more product.

FCB: So, how will this effect employment?

JK: Well, it effects it in a number of ways.

There was actually an interesting article in The Boston Globe [recently] talking about the fundamental change in employment in the workplace, where more and more people are finding themselves working as freelancers rather than full time employees — and that the structure of the workplace is changing where more and more organizations prefer these kinds of freelancers, as opposed to making a commitment to a full time person.

The Web permits more people to take advantage of applications that were not at their disposal in the past.

They can now use, for their own personal purposes, as well as within more dispersed workplaces, to share information, to collaborate around business processes, and even to communicate more effectively between organizations.

FCB: [So] the stereotype is that the federal government is often behind when it comes to these sorts of IT developments. That’s not always the case . . . but there are some federal agencies that are really wary when it comes to doing this kind of stuff.

JK: Well, certainly there are, but the Obama administration has stated even before it came to office that it’s a firm proponent of cloud computing alternatives and it’s new CIO has really been driving that effort.

In fact, the federal government launched a Web site in the fall of 2009 — Apps.gov — which is a terrific site that includes an assortment of Web-based applications that various federal and government agencies — state and local, as well — can take advantage of.

But, it also has a tremendous amount of best practice information about cloud computing: what it means, how it can be deployed to meet organizational requirements, and, not only the benefits, but risks that have to be overcome in order to ensure that it’s properly secured and is reliable and is meeting organizational business objectives.

They also have, through [NIST], helped to define the meaning of cloud computing, which is one of those terms that means many things to many people.

So, in those regards, the federal government is actually playing a leadership role in the overall migration to cloud computing.

Look for part 2 of our chat with Kaplan coming later this week.

To successfully travel into the cloud, throw out that legacy mindset

---

Listen to the entire interview with Reuven Cohen.

---

On this Friday, Fed Cloud Blog talks with Reuven Cohen, founder & Chief Technologist for Toronto-based Enomaly, Inc.

Not only does he work in and blog regularly about the cloud, he helped the U.S. federal government to define its strategy for cloud computing — and collaborates with other governments, as well.

FCB asked him about the meaning of the term ‘cloud computing’ to start off our interview, mainly because we’ve found that different people think of the cloud in different ways.

Reuven Cohen: There’s two basic terms when looking at cloud computing. First of all, there’s the aspect of the cloud, which is a metaphor for the internet. Then there’s cloud computing, which, again, is also a metaphor, but it’s more of an analogy in that sense. It’s Internet-centric computing. It represents a shift from sort of the traditional desktop-centric approach to computing, to one that’s a little bit more network- or Internet-centric. So, it’s the Internet as an operational environment.

Fed Cloud Blog: What are some of the advantages of operating on the Web versus having everyone load software on their PC?

RC: One of the big benefits is in terms of capital expenditure. When you’re using someone else’s infrastructure — one that’s remote rather than your own — there’s no big, up front costs. You sort of move from a cap-ex to an op-ex — an operational expense — which is a little easier to manage and much, much more flexible. So, rather than buying a server that may sit under-utilized, you utilize the capacity if and when you need it. It’s a more flexible approach to the aspects of computing.

FCB: Since we are the ‘federal Cloud Blog’, we deal with a lot of federal agencies and federal employees. The biggest concerns we’ve found while doing interviews with people in the federal sphere is that they recognize that there’s cost savings that could be realized through moving to the cloud . . . but everybody also brings up the [issue of security].

RC: The aspects of movement to the cloud is already happening. From the government’s point of view, the Internet has become a crucial conduit for communications, regardless of whether you want to admit that or not. So, by saying cloud computing isn’t going to happen or isn’t happening is just basically sticking your head in the sand.

[W]hat’s good about the current administration is they’re embracing the idea of the Internet as being sort of that evolution of computing — and saying it isn’t perfect. It certainly far from being perfect, but it certainly does solve a lot of problems in terms of broad communications and collaboration.

I think the answer is that it’s not a one-size-fits-all solution. There are certainly areas that are better suited to cloud computing — the kind of low-hanging fruit — and there’s other areas where it it may not be as good a solution. So, it’s picking and choosing the areas that make sense while keeping an open mind.

FCB: [How can one] convince either a supervisor or agency head — “Hey, Software-as-a-Service is great! Or, we should maybe look at Infrastructure-as-a-Service!” Any advice in that area?

RC: Here’s the dilemma that you face — and this is as big an issue with an enterprise as it is in a large organization like the government in terms of the adoption of cloud computing. You’ve got these two basic groups.

In a business context, you’ve got a business group — and they’re seeing the cloud as a way that they can go out and do something quickly and easily without a lot of friction. You know, I can go to Salesforce or Amazon or Google, get my application deployed, built and sent out with relative ease.

On the other side of the spectrum, you’ve got the IT groups that are saying — “Hey now, I want that level of control that we’ve always had,” from the point of view of security and auditability and compliance and all those sorts of things.

So, you get this kind of tug-of-war between these two groups within these organizations: the ones that want control and to maintain the status quo and the other groups that want to do something quick and easy. The two don’t typically go hand-in-hand.

What needs to happen is there needs to be this opportunity to sort of bridge the issue. So the pitch, in a sense, is the efficiencies that allow you to go out and use things that are relatively easy to access from a cloud point of view — I can go get an application that’s built, ready to go without a whole lot of friction — or, from the point of view of compute capacity — I now have the ability to go to an Infrastructure-as-a-Service provider and get access to a thousand servers per hour to get a job done that otherwise I probably would have never been able to do before.

So, it’s the idea of opportunity. It’s the idea of doing something that was never possible before. With that instant access to capacity or services, you know, [it] opens up a whole new variety of opportunities that were never possible.

FCB: Any advice on changing that mindset and helping IT managers to feel better about cloud computing, if they have a problem with it?

RC: The idea of control is one that assumes you’re not going to ignore that the shift is happening. So, if you embrace it, you have the ability to help define it. That’s important. By saying — cloud computing just doesn’t work for us — means you’re ignoring the fact that it’s probably going to happen anyway.

So, by saying it is happening, and there is the opportunity to do things with this type of technology, you can put the procedures in place that help shift how this technology is going to be adopted, rather than just saying — it’s not going to work for us.

I think the opportunities, from an IT group, is to embrace the concept and put those strategies in place to say, if a user’s going to use this type of technology, here’s how we recommend you do it. This is mostly around the idea of best practices, procedures, and — possibly — standards that are in place that help in that regard, rather than just ignoring the fact.

FCB: Different agencies are in different places when it comes to moving into the cloud. . . . What advice do you have for federal agencies that are looking at the cloud but are still unsure?

RC: One of the things I would suggest is not to look at it from a legacy point of view. It isn’t a matter of taking what we’ve done in the past and shoe-horning it into the cloud. That doesn’t make any sense.

The opportunities are things that you haven’t been able to do in the past. It’s looking forward. It’s the things that the cloud enables us to do. The things that we could never do before. It’s those opportunities that you should be looking at — not saying, “Well here’s how we’ve always done it and that doesn’t work in the cloud”. That’s the wrong way to look at it.

I think that you should look at it [like] the glass is half full. It’s the bigger opportunities to do things that were not possible.

Read Reuven’s blog and follow him on Twitter: @ruv. We do!